https://bugzilla.mindrot.org/show_bug.cgi?id=3610
Bug ID: 3610
Summary: Using ControlPath and the -J option
Product: Portable OpenSSH
Version: 8.9p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: mathieu.pou...@cloud-iam.com

Hi there,

I'm wondering if `ssh` does properly support the `-J` option to jump through a bastion and the `ControlMaster` settings to reuse an existing connection.

When I try to sequentially access two hosts with the same internal ip (10.0.1.2) that are behind a different bastion (bastion-1 and bastion-2), ssh is wrongly re-using the socket because it is "bound" to private ip (10.0.1.2) and it does not include any reference to the bastion's ip:

```
$ ssh -o ControlPersist=60s -o ControlMaster=auto -o ControlPath=/tmp/.ssh/control-%h-%p-%r -o StrictHostKeyChecking=no ubuntu@10.0.1.2 -p 666 -J bastion@bastion-1:666 hostname
hostname-beyond-bastion-1
$ ssh -o ControlPersist=60s -o ControlMaster=auto -o ControlPath=/tmp/.ssh/control-%h-%p-%r -o StrictHostKeyChecking=no ubuntu@10.0.1.2 -p 666 -J bastion@bastion-2:666 hostname
hostname-beyond-bastion-1
$ ls /tmp/.ssh/control*
/tmp/.ssh/control-10.0.1.2-666-ubuntu
```

I have double checked but did not find anything to add in the ControlPath to refer to the bastion ip.

I'm wondering if this is a known limitation or a bug / enhancement. So far, my understanding is that the ControlMaster should not be used when using the jumps.

Thanks in advance
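A client-side way to avoid the socket collision reported above, as an added example that is not part of the original report or of OpenSSH: a wrapper folds a hash of the `-J` argument into `ControlPath`, so each bastion gets its own control socket. The function names `jump_control_path` and `ssh_via` and the default directory `~/.ssh/cm` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: derive a ControlPath that is unique per jump host.
# Function names and the default directory are assumptions, not OpenSSH features.

# Print the first 16 hex digits of the SHA-256 of stdin,
# using whichever SHA-256 tool is installed.
_sha256_16() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum
    else
        shasum -a 256
    fi | cut -c1-16
}

# jump_control_path JUMP [DIR]
# Emits a ControlPath template. %h, %p and %r are left for ssh to expand;
# the jump specification is hashed so that '@', ':', ',' or '%' in it can
# neither break the file name nor be read as a token, and so that the
# socket path stays short (Unix socket paths are limited to roughly 100 bytes).
jump_control_path() {
    jump=$1
    dir=${2:-"$HOME/.ssh/cm"}
    tag=$(printf '%s' "$jump" | _sha256_16)
    printf '%s/control-%s-%%h-%%p-%%r\n' "$dir" "$tag"
}

# ssh_via JUMP [ssh arguments...]
# Runs ssh with connection sharing keyed on the jump host as well as the target.
ssh_via() {
    jump=$1
    shift
    cp=$(jump_control_path "$jump")
    # Keep sockets in a directory other users cannot write to.
    mkdir -p "${cp%/*}" && chmod 700 "${cp%/*}" || return 1
    ssh -o ControlMaster=auto -o ControlPersist=60s \
        -o ControlPath="$cp" -J "$jump" "$@"
}
```

With this, `ssh_via bastion@bastion-1:666 -p 666 ubuntu@10.0.1.2 hostname` and the same command through `bastion@bastion-2:666` resolve to two different socket files, so the second call cannot attach to the first master.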