Bug 2286 - Port ignored when re-reading config after canonicalization
Summary: Port ignored when re-reading config after canonicalization
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 6.6p1
Hardware: Other Linux
: P5 minor
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks: V_6_8
  Show dependency treegraph
 
Reported: 2014-10-07 09:20 AEDT by Philip Lewis
Modified: 2015-03-18 18:17 AEDT (History)
1 user (show)

See Also:

Attachments
Patch to make ssh_connect_direct use port parameter. (847 bytes, patch)
2014-10-07 09:20 AEDT, Philip Lewis 		no flags Details | Diff
Reset port number in canonicalised address list (1.18 KB, patch)
2014-10-07 10:03 AEDT, Damien Miller 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philip Lewis 2014-10-07 09:20:31 AEDT 
Created attachment 2482 [details]
Patch to make ssh_connect_direct use port parameter.

To reproduce:
--
# ~/.ssh/config
CanonicalizeHostname yes
CanonicalDomains mynet.local

Host *.mynet.local
Port 99
--
$ ssh -vvv somedomain
...
debug1: Canonicalized hostname "somedomain" => "somedomain.mynet.local"
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 4: Applying options for *.mynet.local
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to somedomain.mynet.local [127.0.0.1] port 22.
...

Expected result:
Connection attempted on port 99

Actual result:
Connection attempted on port 22.

More info:
The correct port is passed to ssh_connect_direct, but it is not used. ssh_proxy_connect works as expected.

Attached patch just sets the port inside the addrinfo struct before trying to connect.

Workaround:
Port 99
ProxyCommand nc %h %p
Comment 1 Damien Miller 2014-10-07 10:03:30 AEDT 
Created attachment 2483 [details]
Reset port number in canonicalised address list

Nice catch. The problem is that the canonicalisation code resolves the addresses before the second config pass and never updates them with the possibly-changed port number. This patch makes the update immediately after the post-canonicalisation config pass.
Comment 2 Damien Miller 2014-10-09 09:21:04 AEDT 
Patch applied - this will be in openssh-6.8
Comment 3 Damien Miller 2015-03-18 18:17:01 AEDT 
openssh-6.8 is released