[ https://issues.apache.org/jira/browse/SSHD-792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16564623#comment-16564623 ]
Ying Li commented on SSHD-792:
------------------------------
I'm seeing the same problem, which happens if I'm using mina sshd (2.0.0) and
openSSH client (7.4p1).
The following two scenarios do not work:
{code:java}
ssh -R 0.0.0.0:54321:localhost:12345 ...
curl http://localhost:54321
// and also
ssh -R 54321:localhost:12345 ...
curl http://localhost:54321
{code}
The reason is in
[https://github.com/apache/mina-sshd/blob/bba23bf70bcd7e4d5a972806a9df62669e7cda81/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Acceptor.java#L254]
{code:java}
protected Nio2Session createSession(Nio2Acceptor acceptor, SocketAddress address, AsynchronousSocketChannel channel, IoHandler handler) throws Throwable {
    ...
    return new Nio2Session(acceptor, getFactoryManager(), handler, channel);
}
{code}
and
[https://github.com/apache/mina-sshd/blob/bba23bf70bcd7e4d5a972806a9df62669e7cda81/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java#L74]
{code:java}
public Nio2Session(Nio2Service service, FactoryManager manager, IoHandler handler, AsynchronousSocketChannel socket) throws IOException {
    ...
    this.localAddress = socket.getLocalAddress();
    ...
}
{code}
The "address", which is the client-requested address ("0.0.0.0:54321" for
example), is thrown away, but the "socket", which is the listening socket in
use ("127.0.0.1:54321" in the above curl example), is not. And then in
[https://github.com/apache/mina-sshd/blob/ace6c9fed48ab8ffef196ad05d4ea3faaab519ee/sshd-core/src/main/java/org/apache/sshd/common/forward/TcpipClientChannel.java#L111]
{code:java}
public synchronized OpenFuture open() throws IOException {
    InetSocketAddress src;
    InetSocketAddress dst;
    Type openType = getTcpipChannelType();
    switch (openType) {
        ...
        case Forwarded:
            src = (InetSocketAddress) serverSession.getRemoteAddress();
            dst = (InetSocketAddress) serverSession.getLocalAddress();
            tunnelEntrance = new SshdSocketAddress(src.getHostString(), src.getPort());
            tunnelExit = new SshdSocketAddress(dst.getHostString(), dst.getPort());
            break;
        default:
            throw new SshException("Unknown client channel type: " + openType);
    }
    ...
    InetAddress dstAddress = dst.getAddress();
    String dstHost = dstAddress.getHostAddress();
    ...
    buffer.putString(dstHost);
    buffer.putInt(dst.getPort());
    ...
}
{code}
That is, we write "127.0.0.1:54321", the socket actually in use, instead of
"0.0.0.0:54321" in the packet. The OpenSSH client checks the hostname against the
one it requested, "0.0.0.0", finds that it doesn't match and rejects the request,
with the aforementioned error message:
{code:java}
debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 12345, originator ...
WARNING: Server requests forwarding for unknown listen_port 12345
{code}
I did a small experiment and returned "address" or the Nio2Acceptor boundAddress
(0.0.0.0:54321), and the OpenSSH client was happy afterwards.
Btw, I lied a little bit: "address" in the code above is actually IPv6
whereas the client requested IPv4 "0.0.0.0", and I'm not sure whether the
original hostname is kept anywhere.
Please let me know if you need more information.
> Remote Port-Forwarding uses invalid "original host" values
> ----------------------------------------------------------
>
> Key: SSHD-792
> URL: https://issues.apache.org/jira/browse/SSHD-792
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.6.0
> Environment: Java 8
> OSX
> Reporter: Andreas Haufler
> Assignee: Goldstein Lyor
> Priority: Major
> Labels: needs-test
> Attachments: Forwarder.java
>
>
> When starting a server which accepts all kinds of port forwarding:
> sshd.setTcpipForwardingFilter(new StaticDecisionForwardingFilter(true));
> remote port-forwarding doesn't work (at least when connecting from OSX)
> unless a specific address is given:
> ssh localhost -p 2222 -R10001:localhost:80 <- doesn't work
> ssh localhost -p 2222 -R127.0.0.1:10001:localhost:80 <- does work
> As far as I can tell, TcpipClientChannel.java:98 uses the underlying
> socket-address of the effective connection and transmits the host (which is
> either 127.0.0.1 or ::1) on OSX.
> However, the client (ssh) would want to see "localhost" as original host in
> order to permit tunneling.
> Is there anything I am missing? Otherwise I could provide a PR which fixes
> this (by remembering the originally requested host and reporting that back).
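
The approach discussed in this thread (remember the address the client sent in its "tcpip-forward" request and report that value back as the "address that was connected" in the "forwarded-tcpip" channel open, RFC 4254 section 7.2), as an added Java example that is not MINA SSHD code and not part of the original messages. The class and method names, the port-keyed map, the sample addresses and the exact-match client check are assumptions made for illustration.

```java
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Added illustration; class and method names are hypothetical, not MINA SSHD API.
public class ForwardedTcpipDemo {
    // bound port -> address string exactly as sent in the client's "tcpip-forward" request
    private final Map<Integer, String> requestedByPort = new ConcurrentHashMap<>();
    void rememberRequest(String requestedHost, int boundPort) {
        requestedByPort.put(boundPort, requestedHost);
    }

    // RFC 4254 section 7.2 fields that follow the channel-open header:
    // string address connected, uint32 port connected, string originator IP, uint32 originator port
    byte[] encodeOpen(InetSocketAddress socketLocal, InetSocketAddress originator) {
        // Fall back to the socket's own address only if no request was recorded for this port.
        String connected = requestedByPort.getOrDefault(
                socketLocal.getPort(), socketLocal.getAddress().getHostAddress());
        ByteBuffer buf = ByteBuffer.allocate(256); // big-endian by default, like SSH uint32
        putString(buf, connected);
        buf.putInt(socketLocal.getPort());
        putString(buf, originator.getAddress().getHostAddress());
        buf.putInt(originator.getPort());
        return Arrays.copyOf(buf.array(), buf.position());
    }

    static void putString(ByteBuffer buf, String s) {
        byte[] b = s.getBytes(StandardCharsets.UTF_8);
        buf.putInt(b.length).put(b); // SSH string: uint32 length, then bytes
    }

    static String getString(ByteBuffer buf) {
        byte[] b = new byte[buf.getInt()];
        buf.get(b);
        return new String(b, StandardCharsets.UTF_8);
    }
    public static void main(String[] args) {
        ForwardedTcpipDemo server = new ForwardedTcpipDemo();
        server.rememberRequest("0.0.0.0", 54321);              // constructed request
        ByteBuffer in = ByteBuffer.wrap(server.encodeOpen(
                new InetSocketAddress("127.0.0.1", 54321),     // socket the connection arrived on
                new InetSocketAddress("127.0.0.1", 40000)));   // constructed originator
        // Simplified client-side check: compare against what was originally requested.
        boolean ok = getString(in).equals("0.0.0.0") && in.getInt() == 54321;
        System.out.println(ok ? "forward accepted" : "unknown listen_port");
    }
}
```

Keying the map by port alone is a simplification; a server that allows the same port to be bound on several addresses would need a key that also identifies the listener.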