- 
                Notifications
    You must be signed in to change notification settings 
- Fork 802
Description
I have a Windows computer running OpenSSH_for_Windows_8.1p1 server installed via Windows Features. When I set up a reverse SOCKS proxy using the OpenSSH_for_Windows_8.1p1 client and then with the first connection still open set up another reverse SOCKS proxy connection to the same port on the server the second connection succeeds (instead of failing because the port is already in use) and traffic through the proxy is sent only over the first connection.
Is this intended behavior or a bug? Is there a way to configure the server not to allow the second reverse proxy on the same port, or to detect that the port is already in use and fail on the client when connecting to the server?
Here are the steps I used to reproduce this
Install OpenSSH_for_Windows_8.1p1 using Windows features on what we'll call WindowsServer.
My sshd_config is:
PermitRootLogin no
AllowUsers SshTest
X11Forwarding no
PermitTunnel no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AllowTcpForwarding remote
GatewayPorts no
MaxSessions 0
PermitListen 51000 51001 51002 51003 51004 51005
Install OpenSSH_for_Windows_8.1p1 using Windows features on what we'll call WindowsClient.
Make two reverse proxy connections from WindowsClient to WindowsServer at the command line:
ssh -v -N -T -R 51000 -o ExitOnForwardFailure=true -l SshTest WindowsServer
Configure Firefox to use the created SOCKS5 proxy and open a URL so that traffic can be seen in the connection log.
Here's the log from connection 1 (with a few things obfuscated/snipped, let me know if you need more):
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to [...snip...].
debug1: Connection established.
[...snip...]
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.1
debug1: match: OpenSSH_for_Windows_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to WindowsServer:22 as 'SshTest'
[...snip...]
debug1: Authentication succeeded (password).
Authenticated to [...snip...].
debug1: Remote connections from LOCALHOST:51000 forwarded to local address socks:0
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: remote forward success for: listen 51000, connect socks:0
debug1: All remote forwarding requests processed
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 2 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 51000, originator 127.0.0.1 port 62698
debug1: channel 0: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host [...snip...] in progress, fd=4
debug1: channel 0: connected to [...snip...] port 80
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 51000, originator 127.0.0.1 port 62699
debug1: channel 1: new [127.0.0.1]
[...more traffic over the proxy snipped...]
Transferred: sent 60904, received 16784 bytes, in 120.9 seconds
Bytes per second: sent 503.6, received 138.8
debug1: Exit status -1
As you can see everything's working as expected here.
And here's the log from connection 2:
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to [...snip...].
debug1: Connection established.
[...snip...]
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.1
debug1: match: OpenSSH_for_Windows_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to WindowsServer:22 as 'SshTest'
[...snip...]
debug1: Authentication succeeded (password).
Authenticated to [...snip...].
debug1: Remote connections from LOCALHOST:51000 forwarded to local address socks:0
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: remote forward success for: listen 51000, connect socks:0
debug1: All remote forwarding requests processed
Transferred: sent 1884, received 2300 bytes, in 65.4 seconds
Bytes per second: sent 28.8, received 35.2
debug1: Exit status -1
As you can see the connection is successful even though port 51000 is already being used by connection 1 and ExitOnForwardFailure=true is set. When I send traffic over the proxy on port 51000 using Firefox it always goes through connection 1, never connection 2.
I was able to confirm that OpenSSH_8.4p1 Debian-5 server running on a Raspberry Pi has the behavior I expected, where connection 2 fails with an error (connecting from WindowsClient the same as for the previous test)
Connection 1:
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to [...snip...].
debug1: Connection established.
[...snip...]
debug1: Authentication succeeded (password).
Authenticated to [...snip...].
debug1: Remote connections from LOCALHOST:51000 forwarded to local address socks:0
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: remote forward success for: listen 51000, connect socks:0
debug1: All remote forwarding requests processed
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 2 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 51000, originator 127.0.0.1 port 52358
debug1: channel 0: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host [...snip...] in progress, fd=4
debug1: channel 0: connected to [...snip...]
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 51000, originator 127.0.0.1 port 52360
debug1: channel 1: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 4 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 51000, originator 127.0.0.1 port 52362
debug1: channel 2: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 5 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 51000, originator 127.0.0.1 port 52364
debug1: channel 3: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 6 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 51000, originator 127.0.0.1 port 52366
debug1: channel 4: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host [...snip...] in progress, fd=5
debug1: channel 1: connected to [...snip...]
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host [...snip...] in progress, fd=6
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host [...snip...] in progress, fd=7
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host [...snip...] in progress, fd=8
debug1: channel 2: connected to [...snip...]
debug1: channel 3: connected to [...snip...]
debug1: channel 4: connected to [...snip...]
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 7 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 51000, originator 127.0.0.1 port 52368
debug1: channel 5: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host [...snip...] in progress, fd=9
debug1: channel 5: connected to [...snip...]
debug1: channel 0: free: 127.0.0.1, nchannels 6
debug1: channel 1: free: 127.0.0.1, nchannels 5
debug1: channel 2: free: 127.0.0.1, nchannels 4
debug1: channel 3: free: 127.0.0.1, nchannels 3
debug1: channel 4: free: 127.0.0.1, nchannels 2
debug1: channel 5: free: 127.0.0.1, nchannels 1
Transferred: sent 75776, received 11604 bytes, in 108.8 seconds
Bytes per second: sent 696.6, received 106.7
debug1: Exit status -1
(Working as expected.)
Connection 2:
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to [...snip...].
debug1: Connection established.
[...snip...]
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5
debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x04000000
[...snip...]
debug1: Authentication succeeded (password).
Authenticated to [...snip...].
debug1: Remote connections from LOCALHOST:51000 forwarded to local address socks:0
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: remote forward failure for: listen 51000, connect socks:0
Error: remote port forwarding failed for listen port 51000
As you can see this time the second connection attempt to the same port fails with an error as expected.
Environment data
Name                           Value
----                           -----
PSVersion                      5.1.19041.1682
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.1682
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1Version
OpenSSH_for_Windows_8.1p1