General warning. As this seemed too obvious an issue to be (assumed) long standing, I tried to search for bugs, including resolved/closed, that match what I am about to report. I couldn't find any... but I also lack confidence that the search(/advanced search) isn't injecting keywords into filters, in an effort to "help", and is diluting the search.

What I am reporting is pretty straight forward. I am trying to use the *working* binding of a remote port, to a socks proxy through the ssh client application. But I am trying to do so using the ~C - Open command line, analogous to command line invocation arguments, and in accordance with the ssh manual page. Doing so, I am encountering the error: Bad forwarding specification.

Below is my best effort at demonstrating the issue.

## Demonstrating that port 13579 isn't initially bound, and is functional
<< $ nc -v localhost 13579
<< nc: connect to localhost (127.0.0.1) port 13579 (tcp) failed: Connection refused
# bind it in another session, and connect it in the original
>> $ nc -v -l localhost 13579
>> Listening on localhost 13579
<< $ nc -v localhost 13579
<< Connection to localhost (127.0.0.1) 13579 port [tcp/*] succeeded!
>. $ nc -v -l localhost 13579
>. Listening on localhost 13579
>> Connection received on localhost 60858

## Now demonstrate working command line invocation -R port
>> $ ssh -F /dev/null -R 13579 localhost
>> Linux tordnim-debian 5.10.0-15-amd64 #1 SMP Debian 5.10.120-1 (2022-06-09) x86_64
>> ..
>> $
<. Connection to localhost (127.0.0.1) 13579 port [tcp/*] succeeded!
<. ^C
<< $ nc -v -X 5 -x localhost:13579 www.google.com 80
<< Connection to www.google.com 80 port [tcp/http] succeeded!
<< GET / HTTP/1.0
<<
<< HTTP/1.0 200 OK
<< ...

## Now demonstrate the ~C - Open command line error
# first confirm port 13579 has been unbound
<< $ exit
<< logout
<< Connection to localhost closed.
<< $
>.
^C
>> $ nc -v -X 5 -x localhost:13579 www.google.com 80
>> nc: connect to localhost port 13579 (tcp) failed: Connection refused
# now remove -R from ssh invocation, and demonstrate
>> $ ssh -F /dev/null localhost
>> Linux tordnim-debian 5.10.0-15-amd64 #1 SMP Debian 5.10.120-1 (2022-06-09) x86_64
>> ..
>> $
>> ssh> -R 13579
>> Bad forwarding specification.
# unnecessary, but confirm port 13579 still unbound
>> $ nc -v -X 5 -x localhost:13579 www.google.com 80
>> nc: connect to localhost port 13579 (tcp) failed: Connection refused

According to the ssh manual page, this form of forwarding specification is allowable.

~C section:
## ~C Open command line. Currently this allows the addition of port
## forwardings using the -L, -R and -D options (see above). It also

-R section:
## -R [bind_address:]port:host:hostport
## -R [bind_address:]port:local_socket
## -R remote_socket:host:hostport
## -R remote_socket:local_socket
#* -R [bind_address:]port
## Specifies that connections to the given TCP port or Unix socket
## on the remote (server) host are to be forwarded to the local
## side.
## ...
#* hostport, or local_socket, or, if no explicit destination was
#* specified, ssh will act as a SOCKS 4/5 proxy and forward connec‐
#* tions to the destinations requested by the remote SOCKS client.

Accordingly, I feel that encountering a "Bad forwarding specification." error is a defect. Though as per my preamble.. I rather suspect this is a "considered" omission, with some rationale.
Yep, it looks like the escape char command line processing was overlooked when dynamic forwarding was added to -R.
Created attachment 3625
Check ~C -R for dynamic port forward

Please try this patch which I think will fix it.
Comment on attachment 3625
Check ~C -R for dynamic port forward

Perfect. Working. Thank you.
This has been committed and will be in the 9.2 release. Thanks for the report.
OpenSSH 9.3 has been released. Close resolved bugs
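
The five -R forms quoted from the manual page in the report, as an added example (not code from OpenSSH or from anyone in this thread): a Python classifier showing that a spec with no destination, such as the reporter's 13579, is the dynamic SOCKS form. The function names, return labels and sample specs are constructed for illustration; only the listed forms are recognised and ports are assumed to be 1-65535.

```python
def split_fields(spec):
    """Split a forwarding spec on ':' while keeping [bracketed] addresses whole."""
    if not spec or spec.endswith(":"):
        raise ValueError("empty field in %r" % spec)
    fields, i = [], 0
    while i < len(spec):
        if spec[i] == "[":                       # e.g. [::1]:13579
            end = spec.find("]", i)
            if end == -1 or spec[end + 1:end + 2] not in ("", ":"):
                raise ValueError("bad bracketed address in %r" % spec)
            fields.append(spec[i + 1:end])
            i = end + 2
        else:
            end = spec.find(":", i)
            end = len(spec) if end == -1 else end
            fields.append(spec[i:end])
            i = end + 1
    return fields

def is_port(s):
    # Simplification for this example: decimal TCP port in 1-65535.
    return s.isascii() and s.isdigit() and 0 < int(s) <= 65535

def classify_remote_forward(spec):
    """Map a -R argument onto one of the five forms in the manual excerpt."""
    f = split_fields(spec)
    sock = [x.startswith("/") for x in f]        # Unix socket paths start with '/'
    n = len(f)
    if n in (1, 2) and not any(sock) and is_port(f[-1]):
        return "dynamic-socks"                   # -R [bind_address:]port
    if n == 2 and all(sock):
        return "socket-to-socket"                # -R remote_socket:local_socket
    if n in (2, 3) and sock[-1] and not any(sock[:-1]) and is_port(f[-2]):
        return "port-to-socket"                  # -R [bind_address:]port:local_socket
    if n == 3 and sock[0] and not any(sock[1:]) and is_port(f[2]):
        return "socket-to-host"                  # -R remote_socket:host:hostport
    if n in (3, 4) and not any(sock) and is_port(f[-3]) and is_port(f[-1]):
        return "port-to-host"                    # -R [bind_address:]port:host:hostport
    raise ValueError("not one of the listed -R forms: %r" % spec)

if __name__ == "__main__":
    # Constructed sample specs; the first is the one typed at the ssh> prompt above.
    for s in ("13579", "[::1]:13579", "8080:localhost:80",
              "8080:/tmp/app.sock", "/tmp/r.sock:/tmp/l.sock"):
        print("-R %-26s %s" % (s, classify_remote_forward(s)))
```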