Bug 2562 - CanonicalizeHostname causes duplicate LocalForward attempts
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 7.1p1
Hardware: ix86 Mac OS X
Importance: P5 normal
Assignee: Damien Miller
Blocks: V_7_3
Reported: 2016-04-04 09:55 AEST by Matthew Ghali
Modified: 2016-08-02 10:40 AEST
Attachments
don't record duplicate forwards (2.71 KB, patch)
2016-04-05 15:31 AEST, Damien Miller
dtucker: ok+

Description Matthew Ghali 2016-04-04 09:55:51 AEST
When CanonicalizeHostname reloads ssh config, LocalForward entries end up duplicated; this causes a connection failure if ExitOnForwardFailure is set.

test config:
Host mini
    IdentityFile ~/.ssh/keys/id_rsa
    LocalForward localhost:8000 localhost:80

Host *
    CanonicalizeHostname yes
    ExitOnForwardFailure yes


result:
mghali@ernie.int.snark.net:~$ ssh -v -F tmp/config mini
OpenSSH_7.1p1, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data tmp/config
debug1: tmp/config line 1: Applying options for mini
debug1: tmp/config line 5: Applying options for *
debug1: Re-reading configuration after hostname canonicalisation
debug1: Reading configuration data tmp/config
debug1: tmp/config line 1: Applying options for mini
debug1: tmp/config line 5: Applying options for *
debug1: Connecting to mini [192.168.0.250] port 22.
debug1: Connection established.
[...]
Authenticated to mini ([192.168.0.250]:22).
debug1: Local connections to localhost:8000 forwarded to remote address localhost:80
debug1: Local forwarding listening on ::1 port 8000.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8000.
debug1: channel 1: new [port listener]
debug1: Local connections to localhost:8000 forwarded to remote address localhost:80
debug1: Local forwarding listening on ::1 port 8000.
bind: Address already in use
debug1: Local forwarding listening on 127.0.0.1 port 8000.
bind: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 8000
Could not request local forwarding.

Disabling CanonicalizeHostname results in a single set of port forwarding actions and success:
mghali@ernie.int.snark.net:~$ ssh -v -F tmp/config -o 'CanonicalizeHostname no' mini
OpenSSH_7.1p1, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data tmp/config
debug1: tmp/config line 1: Applying options for mini
debug1: tmp/config line 5: Applying options for *
debug1: Connecting to mini [192.168.0.250] port 22.
debug1: Connection established.
[...]
Authenticated to mini ([192.168.0.250]:22).
debug1: Local connections to localhost:8000 forwarded to remote address localhost:80
debug1: Local forwarding listening on ::1 port 8000.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8000.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
Comment 1 Damien Miller 2016-04-05 15:31:52 AEST
Created attachment 2803
don't record duplicate forwards

Thanks. This patch should help.
Comment 2 Matthew Ghali 2016-04-05 15:48:46 AEST
Thanks - I see this already was fixed in 7.2p2 - sorry I didn't check first!
Comment 3 Damien Miller 2016-04-08 13:31:54 AEST
Patch is committed and will appear in openssh-7.3. Thanks!
Comment 4 Damien Miller 2016-08-02 10:40:48 AEST
Close all resolved bugs after 7.3p1 release
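
A minimal C model of the failure described in this report: the same config is parsed twice (the second time after hostname canonicalisation), so a forward list without a duplicate check ends up asking for the same listener twice. This is an added example, not the attached patch or OpenSSH source; the struct and function names are hypothetical, and the forward values are taken from the reporter's test config.

```c
#include <stdio.h>
#include <string.h>
#define MAX_FWD 16

/* Hypothetical, simplified forward entry (not the OpenSSH struct). */
struct fwd { const char *lhost; int lport; const char *chost; int cport; };
struct fwd_list { struct fwd e[MAX_FWD]; int n; };

static int fwd_equal(const struct fwd *a, const struct fwd *b)
{
    return a->lport == b->lport && a->cport == b->cport &&
        strcmp(a->lhost, b->lhost) == 0 &&
        strcmp(a->chost, b->chost) == 0;
}

/* Record a forward. With dedup set, an entry equal to one already in the
 * list is skipped. Returns 1 if recorded, 0 if skipped or the list is full. */
int add_forward(struct fwd_list *l, const struct fwd *f, int dedup)
{
    int i;

    if (dedup)
        for (i = 0; i < l->n; i++)
            if (fwd_equal(&l->e[i], f))
                return 0;
    if (l->n >= MAX_FWD)
        return 0;
    l->e[l->n++] = *f;
    return 1;
}

/* Constructed model of one pass over the test config's "Host mini" block. */
static void parse_config(struct fwd_list *l, int dedup)
{
    struct fwd f = { "localhost", 8000, "localhost", 80 };
    add_forward(l, &f, dedup);
}

/* Parse, then re-parse as after canonicalisation; return how many
 * listeners the client would go on to bind. */
int forwards_after_reread(int dedup)
{
    struct fwd_list l = { .n = 0 };
    parse_config(&l, dedup);
    parse_config(&l, dedup);
    return l.n;
}

int main(void)
{
    printf("no check: %d listener(s), with check: %d\n",
        forwards_after_reread(0), forwards_after_reread(1));
    return 0;
}
```

With two entries for localhost:8000, the second bind fails with "Address already in use", which ExitOnForwardFailure turns into a failed connection.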