On 4/10/23 23:29, Orion Poplawski wrote:
> It appears from reading
> https://api.libssh.org/stable/libssh_tutor_forwarding.html that in order to
> implement reverse port forwarding one must continually call
> ssh_channel_accept_forward() in order to accept any possible connections from
> the remote side. Is this correct?
>
> It presents a couple challenges:
>
> * It's a very inefficient method - polling vs. event driven
> * It can generate a huge amount of log messages as ssh_channel_accept() logs
>   an error every time it is called and there is nothing to accept:
>
> [2023/04/10 12:17:34.044502, 1] ssh_channel_accept: No channel request of this type from server
>
> See also https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1421
>
> So:
>
> * If polling is indeed the only mechanism available here, libssh should not be
>   emitting an error in this case. Possibly a DEBUG or TRACE level message
>   instead, but honestly enabling it for anything like x2goclient that does
>   continual polling will just swamp the logs.
> * Is there a possibility of implementing a callback method to accept remote
>   connections?

From what I read, this is about the client side logs. I think
downgrading the message to DEBUG or TRACE would be the least thing we
can do and it sounds like a reasonable solution. Do you want to open a
merge request?

Regarding the polling, the tutorial is quite dated so it does not
provide any information about the connectors and callbacks. Right now,
there are x11 and auth_agent callbacks available in the channels. Adding
a similar handler into the ssh_execute_client_request() for handling
SSH_CHANNEL_FORWARDED_TCPIP should not be hard. I think the reason it is
not there yet is that nobody asked for that before or nobody implemented
this.

Skimming through the issue tracker, there is a request for this
actually, even with a patch, but it will require some work and test
coverage to get merged:

https://gitlab.com/libssh/libssh-mirror/-/issues/43

Help is always welcomed.

Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.
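
Added example, not part of the original messages and not libssh code: a client-side log filter that rate-limits the "No channel request of this type from server" line produced by accept polling, so that unrelated errors stay visible in the log. The names accept_log_filter, filter_should_emit, poll_log_cb and the 60-second interval are assumptions; the callback parameter list follows libssh's ssh_logging_callback, and the sample input in main() is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Message text taken from the log line quoted in the thread. */
#define NOISY_MSG "No channel request of this type from server"
#define REPORT_INTERVAL 60 /* seconds between pass-throughs (assumed value) */

struct accept_log_filter {
    int seen;              /* noisy message has been passed through once */
    time_t last_emit;      /* when it was last passed through */
    unsigned long dropped; /* repeats suppressed since then */
};

/* Return 1 if the line should be written, 0 if it is a suppressed repeat. */
int filter_should_emit(struct accept_log_filter *f, const char *buffer, time_t now)
{
    if (buffer == NULL || strstr(buffer, NOISY_MSG) == NULL)
        return 1; /* unrelated message: never hide it */
    if (f->seen && now - f->last_emit < REPORT_INTERVAL) {
        f->dropped++;
        return 0;
    }
    f->seen = 1; f->last_emit = now;
    return 1;
}

/* Parameter list matches libssh's ssh_logging_callback. In a real client, call
 * ssh_set_log_userdata(&filter) and ssh_set_log_callback(poll_log_cb) first. */
void poll_log_cb(int priority, const char *function, const char *buffer, void *userdata)
{
    struct accept_log_filter *f = userdata;
    if (!filter_should_emit(f, buffer, time(NULL)))
        return;
    if (f->dropped > 0) {
        fprintf(stderr, "[%lu identical accept-poll messages suppressed]\n", f->dropped);
        f->dropped = 0;
    }
    fprintf(stderr, "[%d] %s\n", priority, buffer ? buffer : "(null)");
}

int main(void)
{
    struct accept_log_filter filter = {0, 0, 0};
    /* Constructed input: 1000 polls with nothing to accept, then a real error. */
    for (int i = 0; i < 1000; i++)
        poll_log_cb(1, "ssh_channel_accept", "ssh_channel_accept: " NOISY_MSG, &filter);
    poll_log_cb(1, "ssh_connect", "ssh_connect: constructed unrelated error", &filter);
}
```

The filter only touches the one polling message; every other line is passed through unchanged, preceded by a count of what was suppressed.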