Bug 3057

Summary: Fork-bomb when misconfiguring a host to ProxyJump onto itself
Product: Portable OpenSSH
Reporter: Andrej Kacian <andrej>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: enhancement
CC: ahmedsayeed1982, djm, dtucker, petoju, woodwardj
Priority: P5
Version: 7.9p1
Hardware: Other
OS: Linux
Bug Depends on:
Bug Blocks: 3117
Attachments:
  Detect simple proxyjump loops (flags: none)
  Also check jumphost user (flags: djm: ok+)

Description Andrej Kacian 2019-08-14 18:14:20 AEST
The following configuration causes ssh to spawn endless copies of itself when a user tries to connect to the specified host.

Host foo
ProxyJump foo

# or more generic
Host *
ProxyJump %h

I have reproduced this on 7.9p1 on SUSE Linux Enterprise Server 15 and on 7.4p1 on Debian Stretch (currently oldstable).

Depending on limits configured on the server, this, like any other forkbomb, can cause all kinds of fun behavior on the local server.

Perhaps the client could check for this edge case and avoid trying to make an impossible proxy connection.

Comment 1 petoju 2019-12-21 21:28:33 AEDT
*** Bug 3107 has been marked as a duplicate of this bug. ***

Comment 2 Darren Tucker 2020-02-18 19:53:37 AEDT
Created attachment 3356 [details]
Detect simple proxyjump loops

We have just committed the following patch which should address this issue (at least for the simple case) and will be in the 8.3 release.  Thanks for the report.

Comment 3 woodwardj 2020-07-30 06:05:35 AEST
Shouldn't this check also verify it is not the same user? I often use -J <un-privileged-user>@<same host> <privileged-user>@<same host>.

Comment 4 Darren Tucker 2020-07-31 13:52:43 AEST
Created attachment 3436 [details]
Also check jumphost user

I hadn't considered that use case but we could do that too.

Comment 5 Darren Tucker 2020-07-31 14:20:35 AEST
Patch applied, thanks.  It will be in the 8.4 release.

Comment 6 Damien Miller 2021-04-23 15:01:28 AEST
closing resolved bugs as of 8.6p1 release
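
The self-jump condition discussed in this thread (same host, and per comment 3 also the same user), as an added example that is not the attached patches or OpenSSH's own code: a Python lint that flags a destination whose ProxyJump hop resolves to that same destination. The parser, function names, the `local_user` default, the port comparison and the choice to test every hop in a comma-separated list are assumptions of this example; it handles only plain `Host` glob patterns, not `Match`, negation or IPv6 literals.

```python
import fnmatch

# Constructed sample: the two configurations from the report, plus a host
# that opts out of the wildcard with "ProxyJump none".
SAMPLE = """\
Host foo
  ProxyJump foo
Host gw
  ProxyJump none
Host *
  ProxyJump %h
"""

def effective(config, host):
    """Options that apply to `host`; the first value obtained wins.
    Simplified parser: 'keyword value' lines and glob Host patterns only."""
    opts, active = {}, True          # lines before the first Host apply to all
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "host":
            active = any(fnmatch.fnmatchcase(host, p) for p in args)
        elif active and args:
            opts.setdefault(key, " ".join(args))
    return opts

def resolve(config, dest, local_user):
    """Expand [user@]host[:port] to ((user, host, port), options for host)."""
    user, _, rest = dest.rpartition("@")
    host, _, port = rest.partition(":")
    opts = effective(config, host)
    return (user or opts.get("user", local_user), host,
            port or opts.get("port", "22")), opts

def jumps_to_self(config, target, jump=None, local_user="alice"):
    """True when a ProxyJump hop is the same user, host and port as the
    destination. `jump` stands in for a -J value and overrides the config."""
    dest, opts = resolve(config, target, local_user)
    jump = jump or opts.get("proxyjump", "none")
    if jump.lower() == "none":
        return False
    hops = (h.replace("%h", dest[1]) for h in jump.split(","))
    return any(resolve(config, hop, local_user)[0] == dest for hop in hops)

if __name__ == "__main__":
    for name in ("foo", "db1", "gw"):
        print(name, jumps_to_self(SAMPLE, name))
```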