Logging in from an Ubuntu 18.04 machine, OpenSSH 7.6p1-4ubuntu0.3, the option ExitOnForwardFailure doesn't seem to work. I says 'bind: Address already in use' and I get a shell: ======= halfgaar@<localmachine>: ~ $ ssh -L 8080:localhost:22 -o ExitOnForwardFailure=yes root@server.com bind: Address already in use Linux <remoteserver> 4.9.0-8-686-pae #1 SMP Debian 4.9.144-3 (2019-02-02) i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Fri May 31 12:39:27 2019 from 84.22.107.110 root@<remoteserver>: ~ # ======= Using -f also just makes it fork. It does work properly with reverse tunnels (-R).
It does work properly from Ubuntu 16.04, Openssh 7.2p2-4ubuntu2.8: ssh -L 22022:localhost:22 -o ExitOnForwardFailure=yes root@server.com -p 22022 bind: Address already in use channel_setup_fwd_listener_tcpip: cannot listen to port: 22022 Could not request local forwarding.
Another interesting result: it started happening randomly. Apparently, it switched between ipv4 and ipv6. With -4, it works properly and fails consistently.
Could you please attach a debug trace from a failing instance? "ssh -vvv ..."
Created attachment 3435 [details] ssh -vvv output Debug trace with ExitOnForwardFailure=yes that still logs in.