From adcf2bcb1c1bba8c1429ac6d5f5c5b457d1ec367 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Fri, 13 Dec 2024 15:00:24 -0500
Subject: [PATCH] Prevent forwarded tcpip requests hanging indefinitely (#50209)

The SSH channel was only being closed in the happy path once proxying of data completed. This resulted in any connections being made, and failing for any reason prior to that hanging until the user terminated the request. The behavior from the regular.Server was copied to the forward.Server to ensure that the channel is always closed when handleDirectTCPIPRequest terminates.
---
 lib/srv/forward/sshserver.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/srv/forward/sshserver.go b/lib/srv/forward/sshserver.go
index 6a15ac17661d9..d5f5df7d11f49 100644
--- a/lib/srv/forward/sshserver.go
+++ b/lib/srv/forward/sshserver.go
@@ -25,6 +25,7 @@ import (
 "fmt"
 "io"
 "net"
+ "os"
 "strings"
 "time"

@@ -1062,8 +1063,12 @@ func (s *Server) handleDirectTCPIPRequest(ctx context.Context, ch ssh.Channel, r
 if err != nil {
 s.log.Errorf("Unable to create connection context: %v.", err)
 s.stderrWrite(ch, "Unable to create connection context.")
+ if err := ch.Close(); err != nil {
+ s.log.Warnf("Failed to close channel: %v", err)
+ }
 return
 }
+ scx.AddCloser(ch)
 scx.RemoteClient = s.remoteClient
 scx.ExecType = teleport.ChanDirectTCPIP
 scx.SrcAddr = sshutils.JoinHostPort(req.Orig, req.OrigPort)
@@ -1095,8 +1100,8 @@ func (s *Server) handleDirectTCPIPRequest(ctx context.Context, ch ssh.Channel, r
 scx.WithError(err).Warn("Failed to emit port forward event.")
 }

- if err := utils.ProxyConn(ctx, ch, conn); err != nil {
- s.log.WithError(err).Warn("Pailed proxying data for port forwarding connection.")
+ if err := utils.ProxyConn(ctx, ch, conn); err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, os.ErrClosed) {
+ s.log.WithError(err).Warn("Failed proxying data for port forwarding connection.")
 }
 }
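Review bot: The success-path cleanup added by `scx.AddCloser(ch)` only takes effect when `scx.Close()` runs, and the call that triggers it is not visible in this hunk; handleDirectTCPIPRequest continues past the last context line. If any return sits between the AddCloser call and the point where the context's Close is deferred, the channel would still be left open and the client would hang as before, keeping per-connection resources pinned. A short comment at the call, e.g. `// ch is closed by scx.Close(); keep the deferred Close ahead of any early return`, would make the ownership explicit for the next change to this function.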
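Review bot: The new filter on the `utils.ProxyConn` error treats `io.EOF` and `os.ErrClosed` as benign but not `net.ErrClosed`, which is a distinct sentinel and is what a closed network connection typically returns. If ProxyConn can surface that error (its body is not shown here), normal teardown will still emit this warning and add noise to the logs operators use to spot real forwarding failures. Consider extending the condition with `&& !errors.Is(err, net.ErrClosed)`; `net` is already imported in this file. A one-line comment such as `// EOF and closed-connection errors are expected during normal teardown` would also record why these errors are dropped.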