ExitOnForwardFailure not behaving as expected...



Hello everyone,

I'm experiencing some strange behavior with ssh and I'm trying to figure
out where the problem might be. I'm running Ubuntu 9.04. Relevant
version numbers:

$ ssh -V
OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

$ dpkg-query -W openssh-client
openssh-client 1:5.1p1-5ubuntu1

$ uname -a
Linux bodhi 2.6.28-9-generic #31-Ubuntu SMP Wed Mar 11 15:43:49 UTC 2009 x86_64 GNU/Linux

Now, ExitOnForwardFailure is not behaving the way I'd expect it to. Let
me show you what I'm experiencing. In the following examples port 50001
is already used by some other process. Port 55555 and 50505 are free.
This first example is the one which causes me trouble. It finds that
50001 is already in use but it does not exit. I'd expect it to exit
because the binding failed.

$ ssh -N -L 50001:localhost:55555 -o ExitOnForwardFailure=yes ldd@localhost
bind: Address already in use

When I run ssh -v, I see that ssh fails to bind on 127.0.0.1:50001 but
successfully binds [::1]:50001. It considers the second binding to be
good enough to go forward.

This one exits on forward failure as expected... but the funny thing is
that * or leaving the binding address empty should be equivalent.

$ ssh -N -L '*':50001:localhost:55555 -o ExitOnForwardFailure=yes ldd@localhost
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 50001
Could not request local forwarding.

This one exits on forward failure as expected, probably because IPv6 is
disabled:

$ ssh -4 -N -L 50001:localhost:55555 -o ExitOnForwardFailure=yes ldd@localhost
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 50001
Could not request local forwarding.

This one exits on forward failure as expected, probably because both
bindings are requested separately:

$ ssh -N -L 127.0.0.1:50001:localhost:50505 -L [::1]:50001:localhost:55555 -o ExitOnForwardFailure=yes ldd@localhost
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 50001
Could not request local forwarding.

Is there something I am misunderstanding? Is there a problem in ssh?
Is there some Linux peculiarity at play here?

Thanks,
Louis
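
The partial-bind outcome reported above, reproduced outside ssh as an added example (not part of the original post and not OpenSSH's code): one loopback address is already taken, the other binds, and the two acceptance policies disagree. The function names and the `LOOPBACKS` list are hypothetical, and the "any address" policy only models what the poster saw in `ssh -v`.

```python
import socket

# Addresses "localhost" typically resolves to on a dual-stack host (assumption).
LOOPBACKS = [(socket.AF_INET, "127.0.0.1"), (socket.AF_INET6, "::1")]

def occupy_ipv4_port():
    """Play the 'other process': listen on a free 127.0.0.1 port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s, s.getsockname()[1]

def setup_listeners(port, addrs=LOOPBACKS):
    """Try one listener per address; return ({addr: error or None}, sockets)."""
    results, socks = {}, []
    for family, addr in addrs:
        s = None
        try:
            s = socket.socket(family, socket.SOCK_STREAM)
            if family == socket.AF_INET6:
                # Keep the IPv6 socket from also claiming the IPv4 port.
                s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            s.bind((addr, port))
            s.listen(1)
            socks.append(s)
            results[addr] = None
        except OSError as e:
            if s is not None:
                s.close()
            results[addr] = e.strerror or str(e)
    return results, socks

def forward_ok(results, strict):
    """strict=False: one bound address is enough (the outcome in the post).
    strict=True: every requested address must bind."""
    bound = [err is None for err in results.values()]
    return all(bound) if strict else any(bound)

if __name__ == "__main__":
    busy, port = occupy_ipv4_port()
    results, socks = setup_listeners(port)
    for addr, err in results.items():
        print(f"{addr}:{port} -> {err or 'listening'}")
    print("any-address policy accepts forward:", forward_ok(results, strict=False))
    print("all-address policy accepts forward:", forward_ok(results, strict=True))
    for s in socks + [busy]:
        s.close()
```

Under the "any address" policy a client that connects to 127.0.0.1 on that port reaches the process that already held it, not the tunnel, which is why the all-address check is the one to rely on when the forward must be exclusive.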


