Bug 3333

Summary: Both Local Port forwarding and Remote port forwarding at openSSH working is not a right case, if SSH Client is on Remote port forwarding
Product: Portable OpenSSH Reporter: PavanKumar K Arakere <pshimoga>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: security CC: djm, dtucker, pshimoga
Priority: P5    
Version: 8.2p1   
Hardware: All   
OS: Linux   

Description PavanKumar K Arakere 2021-07-28 20:44:17 AEST 
Target solution:
Applications (client and server) to run over SSH port forwarding / tunnel setup (SSH client  and Server).
----------------------------------------------------------------------
Issue: OpenSSH at server side need to port forward only for Remote port forwarding requests when the client SSH is on -L mode, but with 8.2p1 build, it does connect apps even on (-L) Local port forward options.
1B. Command: $SSH -R 6900:127.0.0.1:5900 ssh@127.0.0.1
or
1B. Command: $SSH -L 6900:127.0.0.1:5900 ssh@127.0.0.1
Comments: both commands are working.
---------------------------------------------------------------------
Question: SSH as server supporting both modes (-L) and (-R) if the SSH as client is running (-L) option is known behavior? or does it needs a fix. 
----------------------------------------------------------------------

TestBench:
Remote system connected with home network system via VPN.
======================================================================
Setup details:
1. At linux machine in remote network:
1A. VNC_Server is running at port 5900 and configured to accept connection strictly for 127.0.0.1 IP only.
Command: $./libVncServer/example/example

1B. openSSH as server in port forwarding mode is supposed to work only for (-R) Remote port forwarding mode but it works for (-L) Local port forwarding as well.
Command: $SSH -R 6900:127.0.0.1:5900 ssh@127.0.0.1

---------------------------------------------------------------------
2. At windows machine in home network:
2A. openSSH as client in set in (-L) mode.
Command: ssh -L 5900:127.0.0.1:6900 <user>@<LinuxMachineIP>

2B. VNC viewer in UI settings configured to connect to 127.0.0.1 at port 5900.

======================================================================
Comment 1 PavanKumar K Arakere 2021-07-29 00:36:27 AEST 
Setup:

VNCServer<-->OpenSSH_Server(RPF) <===> openSSH_Client(LPF)<-->VNCClient
------------------------------------------------------------------------

Individual App details:
1. VNCServer on LinuxSystem: configured to run at 127.0.0.1 at port 5900

2. OpenSSH as Server on LinuxSystem: 
ssh -R 6900:127.0.0.1:5900 user@127.0.0.1

3. OpenSSH as Client on Windows: 
ssh -L 5900:127.0.0.1:6900 user@LinuxSystemIP

4. VNCClient on Windows: VNCClient.exe 127.0.0.1:5900
configured to connect to 127.0.0.1 on port 5900
Comment 2 Damien Miller 2021-07-29 07:01:23 AEST 
If I'm understanding your report correctly then this is working as intended:

> 1B. Command: $SSH -R 6900:127.0.0.1:5900 ssh@127.0.0.1

This asks ssh/sshd to forward remote port 6900 to 127.0.0.1:5900 at the local side.

> 1B. Command: $SSH -L 6900:127.0.0.1:5900 ssh@127.0.0.1

This asks ssh/sshd to forward local port 6900 to 127.0.0.1:5900 at the remote side.

Since the "remote side" in both these examples is localhost, there is no effective difference between these commands, and they could be used interchangeably.
Comment 3 Darren Tucker 2021-07-29 11:47:33 AEST 
(In reply to PavanKumar K Arakere from comment #1)
> 2. OpenSSH as Server on LinuxSystem: 
> ssh -R 6900:127.0.0.1:5900 user@127.0.0.1

This step in unnecessary.

> 3. OpenSSH as Client on Windows: 
> ssh -L 5900:127.0.0.1:6900 user@LinuxSystemIP

You want this instead:
$ ssh -L 5900:127.0.0.1:5900 user@LinuxSystemIP

Note that some vncviewer implmentations have ssh port forwarding integrated with the "-via" flag.  If you have one of those you can replace steps 2-4 with:

$ vncviewer -via user@LinuxSystemIP 127.0.0.1