Mailing List Archive

how conflicting multiple local port forwardings should be solved
Hello all,
I am using OpenSSH_5.0p1, OpenSSL 0.9.8h

and have the following setup:

First local port forwarding (specific ports are just for the sake of
example) on the local machine (used by several users simultaneously):

ssh -L 7777:localhost:7777 some_user_name1@system1

Then the second user comes and sets up the session in the following way:

ssh -L 7777:localhost:7777 some_user_name1@system2

He is successful in setting up the second port forwarding session.

On an attempt to connect to local port 7777, the second user is forwarded to system1.

In my opinion the behaviour is wrong: the second attempt should not
work (with some error message like "ambiguous port forwarding"),
let alone the forwarding to system1.

What would be your take on this?

/wbr
Ariel Burbaickij
Re: how conflicting multiple local port forwardings should be solved
--- On Wed, 5/27/09, Ariel Burbaickij <ariel.burbaickij@gmail.com> wrote:

> I am using OpenSSH_5.0p1, OpenSSL 0.9.8h
>
> and have following setup:
>
> First local port forwarding example:
>
> ssh -L  7777:localhost:7777 some_user_name1@system1
>
> Then the second user comes and sets up the section in
> following way:
>
> ssh -L 7777:localhost:7777 some_user_name1@system2
>
> He is successful in setting the second port forwarding
> session.
>
> On attempt to connect to local port 7777 second user is
> forwarded to system1.
>
> In my opinion the behaviour is wrong, the second attempt
> should not
> work (with some error message like
> ambiguous port forwarding) , let alone the forwarding to
> system1

I don't see how this could be any different. The 1st connection builds a local port of 7777. The 2nd connection attempts to build the same local port, but cannot bind since the port is already in use. At this point, the 2nd user (and any user for that matter) will always get the first/current local port 7777.

I just ran a test on an SSH-2.0-OpenSSH_4.6 client where I built a local port 10080, and in another window tried to build that same port. I got an error:

channel_setup_fwd_listener: cannot listen to port: 10080
Could not request local forwarding.
Re: how conflicting multiple local port forwardings should be solved
On Wed, May 27, 2009 at 10:52:30AM +0200, Ariel Burbaickij wrote:
>
> ssh -L 7777:localhost:7777 some_user_name1@system1
>
> Then the second user comes and sets up the section in following way:
>
> ssh -L 7777:localhost:7777 some_user_name1@system2
>
> He is successful in setting the second port forwarding session.

Really? I get an error when I try to duplicate your results:

imadev:~$ ssh -L 7777:localhost:22 vandev
RSA host key for IP address '10.76.142.101' not in list of known hosts.
wooledg@vandev's password:
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 7777
Could not request local forwarding.

> On attempt to connect to local port 7777 second user is forwarded to system1.

Right, because the second user failed to set up the forward. So he's
just using the successful first forward, which anyone on the client
system can use.
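
Added example, not part of the thread and not OpenSSH code: a Python sketch of the behaviour the two replies above describe, with plain loopback sockets standing in for the `ssh -L` listeners. The labels `system1`/`system2` and all function names are assumptions, and the port is chosen by the OS rather than fixed at 7777.

```python
import errno
import socket
import threading

def start_forward(label, port=0, host="127.0.0.1"):
    """Stand-in for the local listener of `ssh -L`; answers with `label`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind((host, port))      # the call that fails for the 2nd client
        srv.listen(5)
    except OSError:
        srv.close()
        raise

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:         # listener was closed
                return
            with conn:
                conn.sendall(label.encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def try_forward(label, port):
    """Return 'bound', or the errno name a second listener runs into."""
    try:
        srv, _ = start_forward(label, port)
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    srv.close()
    return "bound"

def who_answers(port, host="127.0.0.1"):
    """Connect as any local user could and report which forward replied."""
    with socket.create_connection((host, port), timeout=2) as conn:
        return conn.recv(64).decode()

def demo():
    first, port = start_forward("system1")   # first user's forward
    second = try_forward("system2", port)    # second user's attempt
    reached = who_answers(port)              # what the second user reaches
    first.close()
    return second, reached

if __name__ == "__main__":
    print(demo())
```

With a real OpenSSH client, `-o ExitOnForwardFailure=yes` makes ssh exit when the requested forward cannot be bound, instead of leaving a session open whose port actually belongs to someone else's forward.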
Re: how conflicting multiple local port forwardings should be solved
Would be a strange topic for cheating, wouldn't it?! ;-)
Yes, it is real. I can bind two times to the same local
port, for better or (most probably) worse.

/wbr
Ariel Burbaickij

On Wed, May 27, 2009 at 8:34 PM, Greg Wooledge <wooledg@eeg.ccf.org> wrote:
> On Wed, May 27, 2009 at 10:52:30AM +0200, Ariel Burbaickij wrote:
>>
>> ssh -L 7777:localhost:7777 some_user_name1@system1
>>
>> Then the second user comes and sets up the section in following way:
>>
>> ssh -L 7777:localhost:7777 some_user_name1@system2
>>
>> He is successful in setting the second port forwarding session.
>
> Really? I get an error when I try to duplicate your results:
>
> imadev:~$ ssh -L 7777:localhost:22 vandev
> RSA host key for IP address '10.76.142.101' not in list of known hosts.
> wooledg@vandev's password:
> bind: Address already in use
> channel_setup_fwd_listener: cannot listen to port: 7777
> Could not request local forwarding.
>
>> On attempt to connect to local port 7777 second user is forwarded to system1.
>
> Right, because the second user failed to set up the forward. So he's
> just using the successful first forward, which anyone on the client
> system can use.
>
Re: how conflicting multiple local port forwardings should be solved
AFAIK, you can't bind two sockets to the same port, at least on Linux.
Can you send us the output of "netstat -anp --inet", and "ps -ef |
grep ssh"? This is strange indeed!!!

Kosala

On Wed, May 27, 2009 at 9:46 PM, Ariel Burbaickij
<ariel.burbaickij@gmail.com> wrote:
> Would be strange topic for cheating, wouldn't it ?! ;-)
> Yes, it is real. I can bind two times to the same local
> port for better (or most probably) worse of it.
>
> /wbr
> Ariel Burbaickij
>
> On Wed, May 27, 2009 at 8:34 PM, Greg Wooledge <wooledg@eeg.ccf.org> wrote:
>> On Wed, May 27, 2009 at 10:52:30AM +0200, Ariel Burbaickij wrote:
>>>
>>> ssh -L  7777:localhost:7777 some_user_name1@system1
>>>
>>> Then the second user comes and sets up the section in following way:
>>>
>>> ssh -L 7777:localhost:7777 some_user_name1@system2
>>>
>>> He is successful in setting the second port forwarding session.
>>
>> Really?  I get an error when I try to duplicate your results:
>>
>> imadev:~$ ssh -L 7777:localhost:22 vandev
>> RSA host key for IP address '10.76.142.101' not in list of known hosts.
>> wooledg@vandev's password:
>> bind: Address already in use
>> channel_setup_fwd_listener: cannot listen to port: 7777
>> Could not request local forwarding.
>>
>>> On attempt to connect to local port 7777 second user is forwarded to system1.
>>
>> Right, because the second user failed to set up the forward.  So he's
>> just using the successful first forward, which anyone on the client
>> system can use.
>>
>



--
Kosala
--------------------------------------------
Disclaimer: Views expressed in this mail are my personal views and
they would not reflect views of the employer.
--------------------------------------------
blog.kosala.net
www.linux.lk/~kosala/
www.kosala.net