From nobody@FreeBSD.org  Wed Jan 30 09:23:30 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id C296737B400
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 30 Jan 2002 09:23:29 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g0UHNTn24434;
	Wed, 30 Jan 2002 09:23:29 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200201301723.g0UHNTn24434@freefall.freebsd.org>
Date: Wed, 30 Jan 2002 09:23:29 -0800 (PST)
From: Jan-Peter Koopmann <j.koopmann@akctech.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: 4.5S/sshd forwarding problems
X-Send-Pr-Version: www-1.0

>Number:         34458
>Category:       misc
>Synopsis:       4.5S/sshd forwarding problems
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    green
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 30 09:30:00 PST 2002
>Closed-Date:    Mon Aug 19 13:53:58 PDT 2002
>Last-Modified:  Mon Aug 19 13:53:58 PDT 2002
>Originator:     Jan-Peter Koopmann
>Release:        4.5 Stable
>Organization:
>Environment:
FreeBSD dajump.nextra.de 4.5-STABLE FreeBSD 4.5-STABLE #2: Wed Jan 30 10:37:15 CET 2002     root@dajump.nextra.de:/usr/obj/usr/src/sys/MYKERNEL  i386      
>Description:
I use ssh to tunnel tcp connections like IRC and http from my Windows client to a FreeBSD 4.5 Stable machine. Since I upgraded from 4.4R to 4.4S this does not work anymore. Symptoms: The ssh connection works normally but tunneled connection does not. 

Example with IRC: On my client I connect to localhost:6667 which is correctly tunneled via my FreeBSD machine to the IRC server. The connection request reaches the server. tcpdump shows that the IRC server even answers the request. The irc client however is unable to establish the connection. After around 60 seconds we see a "PING timeout" message from the IRC server. Funny enough THIS message is even transmitted through the tunnel to the client.

We crosschecked with differen irc clients, SSH clients and protocols (we tried the same thing with tunneling HTTP), Windows version, client-machines, FreeBSD versions and machines. Everything works up to FreeBSD 4.4R. After that: Nothing.

To us this seems to be a problem of dropped packets. To exclude client-program problems we tried connecting to the tunnel with telnet. THIS WORKS!
>How-To-Repeat:
1. Setup an ssh connection with tunnel/forward of port 6667 to an irc-server:6667. Client: Windows 2000 or XP. Server: FreeBSD 4.5R.

2. Try to establish a connection on your Windows client with an irc program (e.g. mirc) to localhost:6667. Wait for the timeout.

3. Then try to establish a connection on your Windows client using telnet to the same port and be astonished!
>Fix:
Downgrade to 4.4R. Sad but true. :-)
>Release-Note:
>Audit-Trail:

From: "Jan-Peter Koopmann" <j.koopmann@akctech.de>
To: <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: Re: misc/34458: 4.5S/sshd forwarding problems
Date: Wed, 30 Jan 2002 19:00:08 +0100

 I just tried the whole thing with the current OpenSSH 3.0.2 and the
 problem was gone. This seems to be some sort of interoperability problem
 of the OpenSSH that comes with 4.5S.
 =20
 JP
Responsible-Changed-From-To: freebsd-bugs->green 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Thu Jan 31 01:48:51 PST 2002 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34458 

From: Gregory Steuck <greg@nest.cx>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: misc/34458: 4.5S/sshd forwarding problems
Date: Sun, 17 Feb 2002 12:22:09 -0800

 The problem can be seen purely on localhost. Below are script recordings
 of both sshd -d and ssh -v. It is an integration problem since openssh
 sshd from ports does not manifest this problem.
 
 Script started on Sun Feb 17 11:57:31 2002
 [greg@bum greg]$ sudo /usr/sbin/sshd -d -p2222
 debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20011202=0D
 debug1: private host key: #0 type 0 RSA1=0D
 debug1: read PEM private key done: type DSA=0D
 debug1: private host key: #1 type 2 DSA=0D
 debug1: read PEM private key done: type RSA=0D
 debug1: private host key: #2 type 1 RSA=0D
 debug1: Bind to port 2222 on 0.0.0.0.=0D
 Server listening on 0.0.0.0 port 2222.=0D
 Generating 768 bit RSA key.=0D
 RSA key generation complete.=0D
 debug1: Server will not fork when running in debugging mode.=0D
 Connection from localhost port 4142=0D
 Connection from 127.0.0.1 port 4142=0D
 debug1: Client protocol version 2.0; client software version OpenSSH_2.9 Fr=
 eeBSD localisations 20011202=0D
 debug1: match: OpenSSH_2.9 FreeBSD localisations 20011202 pat ^OpenSSH=0D
 Enabling compatibility mode for protocol 2.0=0D
 debug1: Local version string SSH-1.99-OpenSSH_2.9 FreeBSD localisations 200=
 11202=0D
 debug1: Rhosts Authentication disabled, originating port not trusted.=0D
 debug1: list_hostkey_types: ssh-dss,ssh-rsa=0D
 debug1: SSH2_MSG_KEXINIT sent=0D
 debug1: SSH2_MSG_KEXINIT received=0D
 debug1: kex: client->server aes128-cbc hmac-md5 none=0D
 debug1: kex: server->client aes128-cbc hmac-md5 none=0D
 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received=0D
 WARNING: /etc/ssh/primes does not exist, using old prime=0D
 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent=0D
 debug1: dh_gen_key: priv key bits set: 131/256=0D
 debug1: bits set: 503/1024=0D
 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT=0D
 debug1: bits set: 517/1024=0D
 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent=0D
 debug1: kex_derive_keys=0D
 debug1: newkeys: mode 1=0D
 debug1: SSH2_MSG_NEWKEYS sent=0D
 debug1: waiting for SSH2_MSG_NEWKEYS=0D
 debug1: newkeys: mode 0=0D
 debug1: SSH2_MSG_NEWKEYS received=0D
 debug1: KEX done=0D
 debug1: userauth-request for user greg service ssh-connection method none=0D
 debug1: attempt 0 failures 0=0D
 debug1: Starting up PAM with username "greg"=0D
 Failed none for greg from 127.0.0.1 port 4142 ssh2=0D
 debug1: userauth-request for user greg service ssh-connection method passwo=
 rd=0D
 debug1: attempt 1 failures 1=0D
 debug1: PAM Password authentication accepted for user "greg"=0D
 debug1: PAM setting rhost to "localhost"=0D
 Accepted password for greg from 127.0.0.1 port 4142 ssh2=0D
 debug1: Entering interactive session for SSH2.=0D
 debug1: server_init_dispatch_20=0D
 debug1: server_input_global_request: rtype tcpip-forward want_reply 0=0D
 debug1: server_input_global_request: tcpip-forward listen 0.0.0.0 port 1234=
 5=0D
 debug1: Local forwarding listening on 127.0.0.1 port 12345.=0D
 debug1: fd 3 setting O_NONBLOCK=0D
 debug1: fd 3 IS O_NONBLOCK=0D
 debug1: channel 0: new [port listener]=0D
 debug1: server_input_channel_open: ctype session rchan 0 win 32768 max 1638=
 4=0D
 debug1: input_session_request=0D
 debug1: channel 1: new [server-session]=0D
 debug1: session_new: init=0D
 debug1: session_new: session 0=0D
 debug1: session_open: channel 1=0D
 debug1: session_open: session 0: link with channel 1=0D
 debug1: server_input_channel_open: confirm session=0D
 debug1: session_by_channel: session 0 channel 1=0D
 debug1: session_input_channel_req: session 0 channel 1 request pty-req repl=
 y 0=0D
 debug1: session_pty_req: session 0 alloc /dev/ttyp4=0D
 debug1: session_by_channel: session 0 channel 1=0D
 debug1: session_input_channel_req: session 0 channel 1 request shell reply =
 0=0D
 debug1: PAM setting tty to "/dev/ttyp4"=0D
 debug1: do_pam_session: euid 0, uid 0=0D
 debug1: PAM establishing creds=0D
 debug1: channel 1: rfd 8 isatty=0D
 debug1: fd 8 setting O_NONBLOCK=0D
 debug1: fd 7 IS O_NONBLOCK=0D
 debug1: Setting controlling tty using TIOCSCTTY.=0D
 debug1: Connection to port 12345 forwarding to 0.0.0.0 port 0 requested.=0D
 debug1: fd 10 IS O_NONBLOCK=0D
 debug1: fd 10 IS O_NONBLOCK=0D
 debug1: channel 2: new [forwarded-tcpip]=0D
 debug1: channel_free: channel 2: status: The following connections are open=
 :=0D
   #1 server-session (t4 r0 i1/0 o16/0 fd 8/7)=0D
   #2 forwarded-tcpip (t13 r-1 i1/6 o16/0 fd 10/10)=0D
 =0D
 debug1: Received SIGCHLD.=0D
 debug1: session_by_pid: pid 80855=0D
 debug1: session_exit_message: session 0 channel 1 pid 80855=0D
 debug1: session_exit_message: release channel 1=0D
 debug1: channel 1: write failed=0D
 debug1: channel 1: output open -> closed=0D
 debug1: channel 1: close_write=0D
 debug1: session_pty_cleanup: session 0 release /dev/ttyp4=0D
 debug1: session_free: session 0 pid 80855=0D
 debug1: channel 1: read<=3D0 rfd 8 len 0=0D
 debug1: channel 1: read failed=0D
 debug1: channel 1: input open -> drain=0D
 debug1: channel 1: close_read=0D
 debug1: channel 1: input: no drain shortcut=0D
 debug1: channel 1: ibuf empty=0D
 debug1: channel 1: input drain -> closed=0D
 debug1: channel 1: send eof=0D
 debug1: channel 1: send close=0D
 debug1: channel 1: rcvd close=0D
 debug1: channel 1: is dead=0D
 debug1: channel_free: channel 1: status: The following connections are open=
 :=0D
   #1 server-session (t4 r0 i8/0 o128/0 fd -1/-1)=0D
 =0D
 Connection closed by remote host.=0D
 debug1: channel_free: channel 0: status: The following connections are open=
 :=0D
 =0D
 Closing connection to 127.0.0.1=0D
 [greg@bum greg]$ exit
 
 Script done on Sun Feb 17 12:00:36 2002
 
 Script started on Sun Feb 17 11:59:31 2002
 [greg@bum greg]$  ssh -R12345:localhost:25 -v -p2222 localhost
 OpenSSH_2.9 FreeBSD localisations 20011202, SSH protocols 1.5/2.0, OpenSSL =
 0x0090601f
 debug1: Reading configuration data /home/greg/.ssh/config=0D
 debug1: Reading configuration data /etc/ssh/ssh_config=0D
 debug1: Rhosts Authentication disabled, originating port will not be truste=
 d.=0D
 debug1: restore_uid=0D
 debug1: ssh_connect: getuid 502 geteuid 502 anon 1=0D
 debug1: Connecting to localhost [127.0.0.1] port 2222.=0D
 debug1: temporarily_use_uid: 502/1001 (e=3D502)=0D
 debug1: restore_uid=0D
 debug1: temporarily_use_uid: 502/1001 (e=3D502)=0D
 debug1: restore_uid=0D
 debug1: Connection established.=0D
 debug1: identity file /home/greg/.ssh/identity type -1=0D
 debug1: identity file /home/greg/.ssh/id_rsa type -1=0D
 debug1: identity file /home/greg/.ssh/id_dsa type -1=0D
 debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9 F=
 reeBSD localisations 20011202=0D
 debug1: match: OpenSSH_2.9 FreeBSD localisations 20011202 pat ^OpenSSH=0D
 Enabling compatibility mode for protocol 2.0=0D
 debug1: Local version string SSH-2.0-OpenSSH_2.9 FreeBSD localisations 2001=
 1202=0D
 debug1: SSH2_MSG_KEXINIT sent=0D
 debug1: SSH2_MSG_KEXINIT received=0D
 debug1: kex: server->client aes128-cbc hmac-md5 none=0D
 debug1: kex: client->server aes128-cbc hmac-md5 none=0D
 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent=0D
 debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP=0D
 debug1: dh_gen_key: priv key bits set: 117/256=0D
 debug1: bits set: 517/1024=0D
 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent=0D
 debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY=0D
 debug1: Forcing accepting of host key for loopback/localhost.=0D
 debug1: bits set: 503/1024=0D
 debug1: ssh_rsa_verify: signature correct=0D
 debug1: kex_derive_keys=0D
 debug1: newkeys: mode 1=0D
 debug1: SSH2_MSG_NEWKEYS sent=0D
 debug1: waiting for SSH2_MSG_NEWKEYS=0D
 debug1: newkeys: mode 0=0D
 debug1: SSH2_MSG_NEWKEYS received=0D
 debug1: done: ssh_kex2.=0D
 debug1: send SSH2_MSG_SERVICE_REQUEST=0D
 debug1: service_accept: ssh-userauth=0D
 debug1: got SSH2_MSG_SERVICE_ACCEPT=0D
 debug1: authentications that can continue: publickey,password,keyboard-inte=
 ractive=0D
 debug1: next auth method to try is publickey=0D
 debug1: try privkey: /home/greg/.ssh/identity=0D
 debug1: try privkey: /home/greg/.ssh/id_rsa=0D
 debug1: try privkey: /home/greg/.ssh/id_dsa=0D
 debug1: next auth method to try is password=0D
 greg@localhost's password:=20
 debug1: ssh-userauth2 successful: method password=0D
 debug1: Connections to remote port 12345 forwarded to local address localho=
 st:25=0D
 debug1: channel 0: new [client-session]=0D
 debug1: channel_new: 0=0D
 debug1: send channel open 0=0D
 debug1: Entering interactive session.=0D
 debug1: client_init id 0 arg 0
 debug1: channel request 0: shell
 debug1: channel 0: open confirm rwindow 0 rmax 16384
 Last login: Sun Feb 17 11:59:25 2002 from localhost=0D
 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
 	The Regents of the University of California.  All rights reserved.
 Environment:
   PATH=3D/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/loca=
 l/bin:/usr/X11R6/bin:/home/greg/bin
   MAIL=3D/var/mail/greg
   BLOCKSIZE=3DK
   FTP_PASSIVE_MODE=3DYES
   USER=3Dgreg
   LOGNAME=3Dgreg
   HOME=3D/home/greg
   SHELL=3D/bin/bash
   SSH_CLIENT=3D127.0.0.1 4142 2222
   SSH_TTY=3D/dev/ttyp4
   TERM=3Dxterm
 [greg@bum greg]$ telnet localhost 12345
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 helo
 Connection closed by foreign host.
 [greg@bum greg]$ logout
 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
 debug1: channel 0: rcvd eof
 debug1: channel 0: output open -> drain
 debug1: channel 0: rcvd close
 debug1: channel 0: input open -> closed
 debug1: channel 0: close_read
 =1B[H=1B[Jdebug1: channel 0: obuf empty
 debug1: channel 0: output drain -> closed
 debug1: channel 0: close_write
 debug1: channel 0: send close
 debug1: channel 0: is dead
 debug1: channel_free: channel 0: status: The following connections are open:
   #0 client-session (t4 r1 i8/0 o128/0 fd -1/-1)
 
 debug1: channel_free: channel 0: dettaching channel user
 Connection to localhost closed.=0D
 debug1: Transferred: stdin 0, stdout 0, stderr 40 bytes in 28.4 seconds=0D
 debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1.4=0D
 debug1: Exit status 1=0D
 Script done on Sun Feb 17 12:07:34 2002
State-Changed-From-To: open->closed 
State-Changed-By: tom 
State-Changed-When: Mon Aug 19 13:52:39 PDT 2002 
State-Changed-Why:  
A newer version of OpenSSH which does not exhibit this problem has been 
integrated into -STABLE. 

This problem report can be closed for the same reason as 35538. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=34458 
>Unformatted:
