Mailing List Archive

TCP port forwarding troubles?
Has anyone heavily exercised the TCP connection forwarding features in
openssh?

I use this feature quite extensively for secure web surfing. I run
a ssh command like this:

ssh -c blowfish -L3128:127.0.0.1:3128 squidmachine

Then I set up Netscape on my local machine to use 127.0.0.1:3128 as a
proxy server. Needless to say, this exercises the TCP connection
forwarding feature quite heavily. This worked quite reliably with ssh
1.2.26, but it seems to hang a lot when I use OpenSSH.

Before I dig into the problem, has anyone else out there heavily
exercised TCP port forwarding in openssh?

Phil
Re: TCP port forwarding troubles?

On Thu, 30 Dec 1999, Phil Karn wrote:

> Has anyone heavily exercised the TCP connection forwarding features
> in openssh?

No. I have performed casual testing with telnet and forwards to
SMTP and pop ports, but nothing high traffic.

> I use this feature quite extensively for secure web surfing. I run
> a ssh command like this:
>
> ssh -c blowfish -L3128:127.0.0.1:3128 squidmachine

I might give this a go myself.

Thanks,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)


Re: TCP port forwarding troubles?
On Thu, Dec 30, 1999 at 02:22:09AM -0800, Phil Karn wrote:
> Before I dig into the problem, has anyone else out there heavily
> exercised TCP port forwarding in openssh?

yes, i experience this, too, but no, i did not look into this yet.
i am using portforwarding for connections to webproxies, too.
i think, the problem has been fixed in ssh-1.2.2x since i remember
having the same problem with older versions of the 1.2.x family.
note that all the forwarded channels are locked, but you still
can control ssh with the ~ escape character and list all forwarded
connections.

-markus

Supported escape sequences:
~. - terminate connection
~^Z - suspend ssh
~# - list forwarded connections
~& - background ssh (when waiting for connections to terminate)
~? - this message
~~ - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)
Re: TCP port forwarding troubles?
(I just subscribed and am replying to a message found in the archive.
I apologize for any malformed headers or quotations.)

On Jan 2, 2000 at 12:42, Markus Friedl wrote:
> On Thu, Dec 30, 1999 at 02:22:09AM -0800, Phil Karn wrote:
> > Before I dig into the problem, has anyone else out there heavily
> > exercised TCP port forwarding in openssh?
> yes, i experience this, too, but no, i did not look into this yet.
> i am using portforwarding for connections to webproxies, too.
> i think, the problem has been fixed in ssh-1.2.2x since i remember
> having the same problem with older versions of the 1.2.x family.

Do you believe it to be a server or client-side issue? I'm having trouble
port forwarding (remote access to CVS) from an F-Secure SSH client for
MacOS to a server running openSSH 1.2.

I can't reproduce this error with other client platforms (Other MacOS SSH
programs don't support port-forwarding), so it might be an issue with the
client, though the client worked with the 1.2.27 server.

Here's the logs, any input anyone would have would be greatly appreciated.

Dec 30 16:41:47 zathras sshd[8693]: log: Connection from 192.168.5.2 port 2057
Dec 30 16:41:47 zathras sshd[8693]: log: PAM Password authentication accepted for "username"
Dec 30 16:41:47 zathras PAM_pwdb[8693]: (sshd) session opened for user username by (uid=0)
Dec 30 16:42:07 zathras sshd[8693]: log: Packet integrity error (37 != 42) at channels.c:975
Dec 30 16:42:07 zathras sshd[8693]: fatal: Local: Packet integrity error. (29)
Dec 30 16:42:07 zathras PAM_pwdb[8693]: (sshd) session closed for user username

--
Rob Russell, Senior Computer Systems Manager rrussell@cibnetwork.com
Canadian Internet Broadcasting Network office: (613) 727.4818 x206
Reseau de Diffusion Internet du Canada cel: 282.7885 fax: 727.9366
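
Added example, not part of any post in this thread: a small Python triage script that rejoins mail-wrapped syslog lines like the ones above, groups them by sshd PID, and reports sessions that ended in a packet integrity error. The function and field names are hypothetical, and the two numbers in the message are reported as printed, without interpreting them.

```python
import re

# The sshd lines from the post above, still mail-wrapped as archived.
SAMPLE = """\
Dec 30 16:41:47 zathras sshd[8693]: log: Connection from 192.168.5.2 port
2057
Dec 30 16:41:47 zathras sshd[8693]: log: PAM Password authentication
accepted for "username"
Dec 30 16:41:47 zathras PAM_pwdb[8693]: (sshd) session opened for user
username by (uid=0)
Dec 30 16:42:07 zathras sshd[8693]: log: Packet integrity error (37 != 42)
at channels.c:975
Dec 30 16:42:07 zathras sshd[8693]: fatal: Local: Packet integrity error.
(29)
Dec 30 16:42:07 zathras PAM_pwdb[8693]: (sshd) session closed for user
username
"""

HEADER = re.compile(r"^(\w{3} [ \d]\d [\d:]{8}) \S+ [\w-]+\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"Connection from (\S+) port (\d+)")
INTEGRITY = re.compile(r"Packet integrity error \((\d+) != (\d+)\) at (\S+?):(\d+)")

def unwrap(text):
    """Rejoin wrapped continuation lines onto the syslog record they belong to."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if HEADER.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def integrity_failures(text):
    """One finding per sshd PID whose session died on a packet integrity error."""
    by_pid = {}                         # one sshd child (PID) per connection
    for m in filter(None, map(HEADER.match, unwrap(text))):
        by_pid.setdefault(int(m.group(2)), []).append((m.group(1), m.group(3)))
    findings = []
    for pid, events in by_pid.items():
        log = " | ".join(msg for _, msg in events)
        err, peer = INTEGRITY.search(log), CLIENT.search(log)
        if err and "fatal:" in log:
            findings.append({
                "pid": pid, "client": peer.group(1) if peer else None,
                "authenticated": "authentication accepted" in log,
                "first_seen": events[0][0], "last_seen": events[-1][0],
                "values": (int(err.group(1)), int(err.group(2))),
                "source": (err.group(3), int(err.group(4))),
            })
    return findings
```

Calling integrity_failures(SAMPLE) returns one finding for PID 8693; run over a full log, the "source" field shows whether every failure comes from the same check in the server source.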