Bug 22331 - openssh has connection forwarding problems
openssh has connection forwarding problems
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
7.0
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Tomas Mraz
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-12-15 01:54 EST by dh_redhat
Modified: 2007-04-18 12:30 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-31 06:40:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description dh_redhat 2000-12-15 01:54:15 EST
channel 17: chan_shutdown_read: shutdown() failed for fd21 [i1 o16]:
Transport endpoint is not connected

This is one typical error that I get running the following configuration:

1. CLIENT: openssh-2.3.0p1-4 as the client ssh

2. SERVER SSH Version 1.2.26 [i686-unknown-linux], protocol version 1.5.
Standard version.  Does not use RSAREF.
Linux mark 2.2.17 #2 Fri Oct 20 02:26:15 PDT 2000 i686 unknown

3. SQUID: Squid Cache version 2.3.STABLE4

4. Connection forwarding (no compression) from local port 2080 to remote
port 2080 where SQUID listens on.

Here's a picture of the configuration:

Browser --> ssh client port 2080 (as proxy for browser) --> [Internet] -->
sshd  on some remote host (forwards connections to localhost 2080) -->
squid (listens on 2080) --> [grab the requested page]

The problem is that some of the connections work, others die with the error
above on the Squid side.

Please note that the current configuration works fine when using a
different ssh client than openssh shipped with RedHat 7.0. For example an
ssh compiled by myself works fine. Also,  a Windows client F-Secure SSH 1.1
works fine.

It looks like openssh has a problem with connection forwarding.

I am doing this in order to prevent HTTP request loggin by my ISP.
Comment 1 Tomas Mraz 2005-02-02 10:55:24 EST
Please test with current Fedora Core distribution.
Comment 2 Tomas Mraz 2005-03-31 06:40:43 EST
No response, please reopen if still happens with a current FC/RHEL release.

Note You need to log in before you can comment on or make changes to this bug.