Unexpected behavior (a.k.a. bug) on local tunnel #117
Comments
Thanks for the great bug report.
+1
+1
It seems to me that (the basic reason for) this issue can also have an influence on all connections, not just local ones. If the first IP address returned within the array from the DNS server doesn't work for some reason, SSH.NET is unable to connect to any other address possibly returned within the same array, just because only the first one has been taken hold of. E.g. in Session.cs:
I ran across this when an SSH server I am using had port 22 accidentally blocked at its IPv6 firewall. I suspect that since the IPv6 address was the only one returned from the DnsAbstraction.GetHostAddresses call, the connection just failed. It was difficult to find out the reason, as common SSH clients (e.g. PuTTY) could connect successfully at the same time. I got a hunch of what's happening only after realising PuTTY tried the IPv6 address first as well, and after that one failed it immediately connected to the parallel IPv4 address of the server. AFAICS the change @fidergo-stephane-gourichon suggested looks good, but it should be expanded to apply to all connections, not just local ones.
Bug as seen on the net
People try to use local tunnels and that fails like on:
Usually the user has found a workaround but not clarified what happens.
This bug report clarifies and suggests an improvement.
How to reproduce
OS is Win7 here but probably happens with other configurations.
From c# - Creating a forwarded port within an SSH tunnel - Stack Overflow:
Expected behaviour
OS accepts connections to any local IP (127.0.0.1, ::1), port 3306.
Observed behaviour
OS does not accept connections to local IP (127.0.0.1) (not sure if tested ::1), port 3306.
It does accept connection to a particular IPv6 address, though.
Technical analysis: what's happening
Expected behavior
When opening a local tunnel without specifying IP to bind, OpenSSH implementation binds to all local IPs. Here's an example on Linux:
On another terminal:
Observed behavior
Instead, SSH.NET does this (from SSH.NET/ForwardedPortLocal.NET.cs at 5f6c3b0bc7a5916d92467931ecacdfc0917f83d7 · sshnet/SSH.NET):
which on local machine provides IP addresses provided by DHCP server, not 127.0.0.1 or ::1.
Taking only the first result from array returned by DnsAbstraction.GetHostAddresses(BoundHost) is code smell.
Suggested change
(1) Make a foreach loop that binds to all addresses returned by DnsAbstraction.GetHostAddresses(BoundHost)
(2) if String.IsNullOrEmpty(BoundHost), use something like IPAddress.Loopback (or something ensuring IPv4 and IPv6 compatibility).
Though I'm not using that at the moment, can SSH.NET bind to "any IP" (pseudo-address '*') like OpenSSH does:
That suggests: (3) if ("*".Equals(BoundHost)) { ... }
Conclusion
IMHO such a change would make SSH.NET more in line with expected behavior and avoid much frustration for people.
Thank you for your attention.
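One way to express suggestions (1) to (3) from the report above, as an added example that is neither SSH.NET's code nor the reporter's. ResolveBindAddresses and BindAll are hypothetical helpers, and System.Net.Dns stands in here for SSH.NET's DnsAbstraction.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;

static class BindAddressSketch
{
    // Hypothetical helper (not an SSH.NET API): maps a bound-host string to
    // every address a local forward should listen on.
    static IPAddress[] ResolveBindAddresses(string boundHost)
    {
        // (2) No host given: loopback only, IPv4 and IPv6, so the forwarded
        // port is not reachable from other machines.
        if (string.IsNullOrEmpty(boundHost))
            return new[] { IPAddress.Loopback, IPAddress.IPv6Loopback };
        // (3) "*" is an explicit request to listen on every interface.
        if (boundHost == "*")
            return new[] { IPAddress.Any, IPAddress.IPv6Any };
        // (1) Otherwise keep the whole array, not just element [0].
        return Dns.GetHostAddresses(boundHost);
    }

    static List<TcpListener> BindAll(string boundHost, int port)
    {
        var listeners = new List<TcpListener>();
        foreach (var address in ResolveBindAddresses(boundHost))
        {
            try
            {
                var listener = new TcpListener(address, port);
                listener.Start();
                listeners.Add(listener);
            }
            catch (SocketException e)
            {
                // One unusable address (e.g. IPv6 disabled) must not abort the rest.
                Console.Error.WriteLine($"skip {address}: {e.SocketErrorCode}");
            }
        }
        if (listeners.Count == 0)
            throw new InvalidOperationException($"could not bind {boundHost}:{port}");
        return listeners;
    }

    static void Main()
    {
        // Constructed input: empty bound host, port 3306 as in the report.
        foreach (var l in BindAll("", 3306)) { Console.WriteLine(l.LocalEndpoint); l.Stop(); }
    }
}
```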