[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ports/1748: Data loss in OpenSSH 2.5.1p1 and 2.5.2p2 port forwarding
- To: bugs_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: Re: ports/1748: Data loss in OpenSSH 2.5.1p1 and 2.5.2p2 port forwarding
- From: Markus Friedl <markus_(_dot_)_friedl_(_at_)_informatik_(_dot_)_uni-erlangen_(_dot_)_de>
- Date: Fri, 6 Apr 2001 15:40:07 -0600 (MDT)
- Cc:
- Reply-to: Markus Friedl <markus_(_dot_)_friedl_(_at_)_informatik_(_dot_)_uni-erlangen_(_dot_)_de>
The following reply was made to PR ports/1748; it has been noted by GNATS.
From: Markus Friedl <markus_(_dot_)_friedl_(_at_)_informatik_(_dot_)_uni-erlangen_(_dot_)_de>
To: marten_(_at_)_treeweasel_(_dot_)_com
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Subject: Re: ports/1748: Data loss in OpenSSH 2.5.1p1 and 2.5.2p2 port forwarding
Date: Fri, 6 Apr 2001 23:31:27 +0200
Could you please provide an example output from:
ssh -v -v -v localhost -L 9000:muck.furry.org:8888
debugging output from the server (sshd -d -d -d)
would be helpful, too.
thanks, -m
On Thu, Mar 29, 2001 at 06:14:57PM -0800, marten_(_at_)_treeweasel_(_dot_)_com wrote:
>
> >Number: 1748
> >Category: ports
> >Synopsis: Data loss in OpenSSH 2.5.1p1 and 2.5.2p2 port forwarding
> >Confidential: no
> >Severity: serious
> >Priority: medium
> >Responsible: bugs
> >State: open
> >Class: sw-bug
> >Submitter-Id: net
> >Arrival-Date: Thu Mar 29 19:20:01 MST 2001
> >Last-Modified:
> >Originator: John R. Johns II
> >Organization:
> none
> >Release: 2.5.2p2
> >Environment:
> System : Linux 2.2.17-14
> Architecture: i686
> Machine : i686
> OpenSSL : openssl-0.9.5a-3
> >Description:
> I am using the portable version of OpenSSH and have identified a DATA
> LOSS problem in the port forwarding of the 2.5.1p1 and 2.5.2p2
> releases, running under Red Hat Linux on an intel platform. I do not
> know if this issue affects the nonportable releases. The problem is
> not present in 2.3.0p1.
>
> I frequently use port forwarding to encrypt a connection from my
> workplace to my home server, continuing unencrypted to its actual
> destination. I use the telnet client called Tinyfugue ( See
> http://www.muq.org/~hawkeye/tf/ ) to connect to social MUCKs through
> the forwarded ports.
>
> Tinyfugue has an "autologin" feature which will send data to the
> destination server as soon as the port opens successfully. Under
> OpenSSH 2.3.0p1, this feature works flawlessly; as soon as the
> connection to the MUCK is established, Tinyfugue sends a string of the
> format "connect muckusername muckpassword", which is received by the
> MUCK server, and I'm logged in.
>
> Under 2.5.1p and 2.5.2p, however, this initial string never reaches
> the server. Apparently, the port opens but for a brief time, any data
> sent to it is LOST. After a moment the connection is solid and data I
> send to the MUCK is received, but I have to log in manually because the
> autologin string was sent before the connection was really ready, and
> went into the bit-bucket.
>
> I have done some tests using two machines as well, and have isolated
> the problem to the server, not the client.
>
> I have done some tests using two machines as well, and have isolated
> the problem to the server, not the client.
>
> Client Server Diagnosis
> 2.3 2.3 works
> 2.5 2.3 works
> 2.3 2.5 breaks
> 2.5 2.5 breaks
> >How-To-Repeat:
> I am able to easily replicate this problem even with a local forwarding
> loop, with the following arrangements:
>
> Tinyfugue installed. file "tiny.world" contains:
> /world FurryMUCK guest guest localhost 9000
>
> In tty1:
> ssh localhost -L 9000:muck.furry.org:8888
> username_(_at_)_localhost's password: xxxxxxx
>
> In tty2:
> tf FurryMUCK
>
> Using 2.3.0p1 on the system, Guest will be automatically logged in.
> Using 2.5.1p1 or 2.5.2p2 on the system, Guest will not be logged in.
>
> I asked a friend to repeat this procedure on his box (another Linux
> system, kernel 2.2.18) and he was able to duplicate the problem.
>
> >Fix:
> Unknown
>
> >Audit-Trail:
> >Unformatted:
>
Visit your host, monkey.org