Bug 2577

Summary:

Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor

Product:

Portable OpenSSH

Reporter:

jan.stuehler

Component:

ssh

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED FIXED

Severity:

major

CC:

dtucker, jan.stuehler

Priority:

Version:

7.2p1

Hardware:

amd64

OS:

Linux

Bug Depends on:

Bug Blocks:

2543

Attachments:

Description	Flags
Allow ExitOnForwardFailure=no and ClearAllForwardings=no to be overridden when using -W.	none

Description jan.stuehler 2016-05-31 16:08:18 AEST

Port Forwarding on the proxy does not work. Debug shows "debug1: getpeername failed: Bad file descriptor". OpenSSH_7.2p2, OpenSSL 1.0.2h-fips  3 May 2016.
Related to bug 2200 ("ssh -W causes "getsockname failed: Bad file descriptor" errors")? 

Reproduction:

~/.ssh/config:
Host jump
 HostName my.dynamicdns.com
 Port 2222
 User user
 IdentityFile ~/.ssh/user-jump_ed25519
 DynamicForward 1080
Host */remote
 ProxyCommand ssh -vvv -W $(dirname %h) jump 2>~/sshpc.log
Host target
 HostName target
 Port 22
 User user
 IdentityFile ~/.ssh/user-target_ed25519

ssh target/remote
(check ss -lant4 in second terminal: no listener on port 1080)
(exit ssh session)

cat sshpc.log
[...]
Authenticated to my.dynamicdns.com ([12.34.56.78]:2222).
debug3: ssh_init_stdio_forwarding: router:22
debug1: channel_connect_stdio_fwd router:22
debug1: channel 0: new [stdio-forward]
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: getpeername failed: Bad file descriptor
debug3: send packet: type 90
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
[...]

Comment 1 jan.stuehler 2016-05-31 16:13:59 AEST

replace "router" in the debug output with "target", please ;)

Comment 2 Darren Tucker 2016-06-01 11:27:59 AEST

(In reply to jan.stuehler from comment #0)
> Port Forwarding on the proxy does not work.

That's deliberate.  In ssh.c where it handles the 'W' option:

  options.request_tty = REQUEST_TTY_NO;
  no_shell_flag = 1;
  options.clear_forwardings = 1;
  options.exit_on_forward_failure = 1;

The reason for it is that we need to fail if we can't do the stdio forward, and right now it's all or nothing so the second and subsequent attempts to use use the jumphost will fail (and possibly the first too, eg if the port is busy).

Right now because of the way the first-match options parsing works you can't override the value by setting ClearAllForwardings=no either.

> Debug shows "debug1: getpeername failed: Bad file descriptor".

That's harmless.  The port forwarding message in the protocol has a field for the source address of the forwarded connection, and when the forwarding code tries to look up the source address of stdin it can't, so it uses the string "UNKNOWN" instead.

Comment 3 Darren Tucker 2016-06-01 13:21:11 AEST

Created attachment 2819 [details]
Allow ExitOnForwardFailure=no and ClearAllForwardings=no to be overridden when using -W.

This patch defers the setting of ExitOnForwardFailure and ClearAllForwardings when using -W until after options parsing to allow them to be overridden either on the command line or in the config file.  Please give it a try and let us know how it goes.

$ ssh -W foo:123 -G bar | egrep -i 'exiton|clearall'
clearallforwardings yes
exitonforwardfailure yes

$ ssh -W foo:123 -o clearallforwardings=no -o exitonforwardfailure=no -G bar | egrep -i 'exiton|clearall'
clearallforwardings no
exitonforwardfailure no

Comment 4 jan.stuehler 2016-06-02 05:17:17 AEST

Ah, that looks wonderful.
You mean "patch" as in "compile from source"? This will be interesting. :)

Comment 5 Darren Tucker 2016-07-20 11:00:33 AEST

Patch has been applied and will be in the 7.3 release.
https://anongit.mindrot.org/openssh.git/commit/?id=0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4

Thanks.

Comment 6 Damien Miller 2016-08-02 10:41:52 AEST

Close all resolved bugs after 7.3p1 release