Ubuntu
openssh package

“dynamic” application-level port forwarding non-functional

Bug #391874 reported by Michael R. Crusoe
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Invalid
Low
Unassigned

Bug Description

Ubuntu 9.04; openssh-client 1:5.1p1-5ubuntu1

What I expected to happen:

$ ssh -ND 127.0.0.1:1080 host

creates a SOCKS proxy listening on 127.0.0.1 that relays traffic through the host.

What happened instead

No love. Logs below.

michael@flight:~$ http_proxy=127.0.0.1:1080 wget http://www.google.com
--2009-06-24 16:52:23-- http://www.google.com/
Connecting to 127.0.0.1:1080... connected.
Proxy request sent, awaiting response... No data received.
Retrying.

--2009-06-24 16:52:24-- (try: 2) http://www.google.com/
Connecting to 127.0.0.1:1080... connected.
Proxy request sent, awaiting response... No data received.
Retrying.

michael@flight:~$ ssh -vvv -ND 127.0.0.1:1080 localhost
OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused
michael@flight:~$ ssh -vvv -ND 127.0.0.1:1080 localhost
OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/michael/.ssh/identity type -1
debug3: Not a RSA1 key file /home/michael/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/michael/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/michael/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 498/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/michael/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/michael/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host localhost
debug3: check_host_in_hostfile: filename /home/michael/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/michael/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is d3:d1:34:b7:33:77:e0:9c:e2:af:c6:7c:b3:93:d2:7d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
debug2: bits set: 531/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/michael/.ssh/id_rsa (0xb8d58ac0)
debug2: key: /home/michael/.ssh/identity ((nil))
debug2: key: /home/michael/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/michael/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/michael/.ssh/identity
debug3: no such identity: /home/michael/.ssh/identity
debug1: Trying private key: /home/michael/.ssh/id_dsa
debug3: no such identity: /home/michael/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
michael@localhost's password:
debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: Local connections to 127.0.0.1:1080 forwarded to remote address socks:0
debug3: channel_setup_fwd_listener: type 2 wildcard 0 addr 127.0.0.1
debug1: Local forwarding listening on 127.0.0.1 port 1080.
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Requesting <email address hidden>
debug1: Entering interactive session.
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 5 setting TCP_NODELAY
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [dynamic-tcpip]
debug2: channel 1: pre_dynamic: have 0
debug2: channel 1: pre_dynamic: have 99
debug2: channel 1: zombie
debug2: channel 1: garbage collecting
debug1: channel 1: free: dynamic-tcpip, nchannels 2
debug3: channel 1: status: The following connections are open:

debug3: channel 1: close_fds r 5 w 5 e -1 c -1
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 5 setting TCP_NODELAY
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [dynamic-tcpip]
debug2: channel 1: pre_dynamic: have 0
debug2: channel 1: pre_dynamic: have 117
debug2: channel 1: zombie
debug2: channel 1: garbage collecting
debug1: channel 1: free: dynamic-tcpip, nchannels 2
debug3: channel 1: status: The following connections are open:

debug3: channel 1: close_fds r 5 w 5 e -1 c -1
^Cdebug1: channel 0: free: port listener, nchannels 1
debug3: channel 0: status: The following connections are open:

debug3: channel 0: close_fds r 4 w 4 e -1 c -1
debug1: Killed by signal 2.

ichael@flight:~$ sudo /usr/sbin/sshd -ddd -e
[sudo] password for michael:
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 638
debug2: parse_server_config: config /etc/ssh/sshd_config len 638
debug3: /etc/ssh/sshd_config:5 setting Port 22
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:14 setting UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:17 setting KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:18 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:21 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:22 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:25 setting LoginGraceTime 120
debug3: /etc/ssh/sshd_config:26 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:27 setting StrictModes yes
debug3: /etc/ssh/sshd_config:29 setting RSAAuthentication yes
debug3: /etc/ssh/sshd_config:30 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:34 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:36 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:38 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:43 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:47 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:62 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:63 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:64 setting PrintMotd no
debug3: /etc/ssh/sshd_config:65 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:66 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:73 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:75 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:77 setting UsePAM yes
debug1: sshd version OpenSSH_5.1p1 Debian-5ubuntu1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-e'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 638
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 638
debug3: rexec:5 setting Port 22
debug3: rexec:9 setting Protocol 2
debug3: rexec:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: rexec:14 setting UsePrivilegeSeparation yes
debug3: rexec:17 setting KeyRegenerationInterval 3600
debug3: rexec:18 setting ServerKeyBits 768
debug3: rexec:21 setting SyslogFacility AUTH
debug3: rexec:22 setting LogLevel INFO
debug3: rexec:25 setting LoginGraceTime 120
debug3: rexec:26 setting PermitRootLogin yes
debug3: rexec:27 setting StrictModes yes
debug3: rexec:29 setting RSAAuthentication yes
debug3: rexec:30 setting PubkeyAuthentication yes
debug3: rexec:34 setting IgnoreRhosts yes
debug3: rexec:36 setting RhostsRSAAuthentication no
debug3: rexec:38 setting HostbasedAuthentication no
debug3: rexec:43 setting PermitEmptyPasswords no
debug3: rexec:47 setting ChallengeResponseAuthentication no
debug3: rexec:62 setting X11Forwarding yes
debug3: rexec:63 setting X11DisplayOffset 10
debug3: rexec:64 setting PrintMotd no
debug3: rexec:65 setting PrintLastLog yes
debug3: rexec:66 setting TCPKeepAlive yes
debug3: rexec:73 setting AcceptEnv LANG LC_*
debug3: rexec:75 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: rexec:77 setting UsePAM yes
debug1: sshd version OpenSSH_5.1p1 Debian-5ubuntu1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 42229
debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: privsep user:group 118:65534
debug1: permanently_set_uid: 118/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug2: Network child is on pid 3300
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 519/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 491/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 5
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 6
debug3: mm_request_receive entering
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 5
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0xb86bbf98(271)
debug3: mm_request_send entering: type 6
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: monitor_read: 5 used once, disabling now
debug3: mm_request_receive entering
Connection closed by 127.0.0.1
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
michael@flight:~$ sudo /usr/sbin/sshd -ddd -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 638
debug2: parse_server_config: config /etc/ssh/sshd_config len 638
debug3: /etc/ssh/sshd_config:5 setting Port 22
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:14 setting UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:17 setting KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:18 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:21 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:22 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:25 setting LoginGraceTime 120
debug3: /etc/ssh/sshd_config:26 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:27 setting StrictModes yes
debug3: /etc/ssh/sshd_config:29 setting RSAAuthentication yes
debug3: /etc/ssh/sshd_config:30 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:34 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:36 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:38 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:43 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:47 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:62 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:63 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:64 setting PrintMotd no
debug3: /etc/ssh/sshd_config:65 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:66 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:73 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:75 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:77 setting UsePAM yes
debug1: sshd version OpenSSH_5.1p1 Debian-5ubuntu1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-e'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 638
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 638
debug3: rexec:5 setting Port 22
debug3: rexec:9 setting Protocol 2
debug3: rexec:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: rexec:14 setting UsePrivilegeSeparation yes
debug3: rexec:17 setting KeyRegenerationInterval 3600
debug3: rexec:18 setting ServerKeyBits 768
debug3: rexec:21 setting SyslogFacility AUTH
debug3: rexec:22 setting LogLevel INFO
debug3: rexec:25 setting LoginGraceTime 120
debug3: rexec:26 setting PermitRootLogin yes
debug3: rexec:27 setting StrictModes yes
debug3: rexec:29 setting RSAAuthentication yes
debug3: rexec:30 setting PubkeyAuthentication yes
debug3: rexec:34 setting IgnoreRhosts yes
debug3: rexec:36 setting RhostsRSAAuthentication no
debug3: rexec:38 setting HostbasedAuthentication no
debug3: rexec:43 setting PermitEmptyPasswords no
debug3: rexec:47 setting ChallengeResponseAuthentication no
debug3: rexec:62 setting X11Forwarding yes
debug3: rexec:63 setting X11DisplayOffset 10
debug3: rexec:64 setting PrintMotd no
debug3: rexec:65 setting PrintLastLog yes
debug3: rexec:66 setting TCPKeepAlive yes
debug3: rexec:73 setting AcceptEnv LANG LC_*
debug3: rexec:75 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: rexec:77 setting UsePAM yes
debug1: sshd version OpenSSH_5.1p1 Debian-5ubuntu1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 42231
debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 3309
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 118:65534
debug1: permanently_set_uid: 118/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 531/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 498/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 5
debug3: monitor_read: checking request 5
debug3: mm_answer_sign
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 6
debug3: mm_request_receive entering
debug3: mm_answer_sign: signature 0xb99d6f98(271)
debug3: mm_request_send entering: type 6
debug2: monitor_read: 5 used once, disabling now
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user michael service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 7
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 8
debug3: mm_request_receive entering
debug3: monitor_read: checking request 7
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address 127.0.0.1.
debug2: parse_server_config: config reprocess config len 638
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 8
debug2: monitor_read: 7 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for michael
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 48
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 12
debug3: mm_request_receive entering
debug3: monitor_read: checking request 48
debug1: PAM: initializing for "michael"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 48 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=, role=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 11
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 12
Failed none for michael from 127.0.0.1 port 42231 ssh2
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
debug1: userauth-request for user michael service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0xb99dba18
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/michael/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/michael/.ssh/authorized_keys2
debug1: restore_uid: 0/0
Failed publickey for michael from 127.0.0.1 port 42231 ssh2
debug3: mm_answer_keyallowed: key 0xb99dba18 is not allowed
debug3: mm_request_send entering: type 22
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
debug1: userauth-request for user michael service ssh-connection method password
debug1: attempt 2 failures 1
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 12
debug3: mm_request_receive entering
debug3: monitor_read: checking request 11
debug3: PAM: sshpam_passwd_conv called with 1 messages
debug1: PAM: password authentication accepted for michael
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send entering: type 12
debug3: mm_request_receive_expect entering: type 49
debug3: mm_request_receive entering
debug3: mm_auth_password: user authenticated
debug3: mm_do_pam_account entering
debug3: mm_request_send entering: type 49
debug3: mm_request_receive_expect entering: type 50
debug3: mm_request_receive entering
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
debug3: mm_request_send entering: type 50
Accepted password for michael from 127.0.0.1 port 42231 ssh2
debug1: monitor_child_preauth: michael has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 25
debug3: mm_request_receive entering
debug3: mm_do_pam_account returning 1
debug3: mm_send_keystate: Sending new keys: 0xb99d6a18 0xb99cedb8
debug3: mm_newkeys_to_blob: converting 0xb99d6a18
debug3: mm_newkeys_to_blob: converting 0xb99cedb8
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 25
debug3: mm_send_keystate: Finished sending state
debug3: mm_newkeys_from_blob: 0xb99dc1c0(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0xb99dc1c0(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug3: PAM: sshpam_store_conv called with 1 messages
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1000/1000
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 7 setting O_NONBLOCK
debug2: fd 8 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_global_request: rtype <email address hidden> want_reply 0
User child is on pid 3323
debug3: mm_request_receive entering
Connection closed by 127.0.0.1
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
Transferred: sent 1800, received 1584 bytes
Closing connection to 127.0.0.1 port 42231
debug3: mm_request_send entering: type 63
debug3: monitor_read: checking request 63
debug3: mm_answer_term: tearing down sessions
debug1: PAM: cleanup
debug1: PAM: deleting credentials
debug1: PAM: closing session

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 9.04
Package: openssh-client 1:5.1p1-5ubuntu1
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openssh
Uname: Linux 2.6.28-13-generic i686

Revision history for this message
Michael R. Crusoe (misterc) wrote :
Revision history for this message
Chuck Short (zulcss) wrote :

Hi,

I was wondering if you were still having this problem?

Regards
chuck

Changed in openssh (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Michael R. Crusoe (misterc) wrote :

I just checked, this is still an issue.

Changed in openssh (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Colin Watson (cjwatson) wrote :

I was a bit puzzled by this until I realised that our current wget package doesn't actually support SOCKS, so this test could never work. (Feel free to mark this bug as also affecting Ubuntu wget; it used to support this, but I don't know what would be involved in reintroducing it.)

With OpenSSH 5.3p1, this works for me using the directions in http://www.metropipe.net/wiki/index.php/Mozilla_Firefox_Configuration#Manual_Firefox_SOCKS_Proxy_Configuration (adjusted for the menu options being Edit->Preferences not Tools->Options). Could you clarify whether wget was actually your original requirement, or just a demonstration for the purposes of this bug report?

Revision history for this message
Colin Watson (cjwatson) wrote :

See also:

  http://<email address hidden>/msg10824.html

Revision history for this message
Michael R. Crusoe (misterc) wrote :

wget was just a demonstration tool, but thank you for the notice.

I repeated the test today with Firefox 3.6.3, though one cannot specify the SOCKS version in the GUI. network.proxy.socks_version was left at its default setting of '5'.

Running OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 locally and OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007 remotely (Debian stable) and using Firefox the test still fails for me.

Here is the relevant ssh -vvvv output from this end:

debug1: Local connections to 127.0.0.1:1080 forwarded to remote address socks:0
debug3: channel_setup_fwd_listener: type 2 wildcard 0 addr 127.0.0.1
debug1: Local forwarding listening on 127.0.0.1 port 1080.
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Requesting <email address hidden>
debug1: Entering interactive session.
debug3: Wrote 64 bytes for a total of 1447
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 5 setting TCP_NODELAY
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [dynamic-tcpip]
debug2: channel 1: pre_dynamic: have 0
debug2: channel 1: pre_dynamic: have 1070
debug2: channel 1: zombie
debug2: channel 1: garbage collecting
debug1: channel 1: free: dynamic-tcpip, nchannels 2
debug3: channel 1: status: The following connections are open:

debug3: channel 1: close_fds r 5 w 5 e -1 c -1
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 5 setting TCP_NODELAY
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [dynamic-tcpip]
debug2: channel 1: pre_dynamic: have 0
debug2: channel 1: pre_dynamic: have 420
debug2: channel 1: zombie
debug2: channel 1: garbage collecting
debug1: channel 1: free: dynamic-tcpip, nchannels 2
debug3: channel 1: status: The following connections are open:

debug3: channel 1: close_fds r 5 w 5 e -1 c -1
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 5 setting TCP_NODELAY
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [dynamic-tcpip]
debug2: channel 1: pre_dynamic: have 0
debug2: channel 1: pre_dynamic: have 401
debug2: channel 1: zombie
debug2: channel 1: garbage collecting
debug1: channel 1: free: dynamic-tcpip, nchannels 2
debug3: channel 1: status: The following connections are open:

debug3: channel 1: close_fds r 5 w 5 e -1 c -1
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 5 setting TCP_NODELAY
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [dynamic-tcpip]
debug2: channel 1: pre_dynamic: have 0
debug2: channel 1: pre_dynamic: have 431
debug2: channel 1: zombie
debug2: channel 1: garbage collecting
debug1: channel 1: free: dynamic-tcpip, nchannels 2
debug3: channel 1: status: The following connections are open:

debug3: channel 1: close_fds r 5 w 5 e -1 c -1
debug2: client_check_window_change: changed

Revision history for this message
Māris Fogels (mars) wrote :

I encountered a very similar problem running a development version of Oneiric, openssh-client 1:5.8p1-7ubuntu1.

Michael, try using 'curl -I --socks5 127.0.0.1:1080 http://thesite'. I find that curl connects perfectly through the SOCKS SSH tunnel and that Firefox 7.0.1+build1+nobinonly-0ubuntu1 fails with almost exactly the log messages you pasted.

Here is a successful connection I recorded using 'curl -I https://thewebhost --socks5 localhost:12345' and 'ssh -vvv -ND 12345 thesshhost':

debug1: Connection to port 12345 forwarding to socks port 0 requested.
debug2: fd 7 setting TCP_NODELAY
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 4
debug2: channel 2: decode socks5
debug2: channel 2: socks5 auth done
debug2: channel 2: pre_dynamic: need more
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 10
debug2: channel 2: decode socks5
debug2: channel 2: socks5 post auth
debug2: channel 2: dynamic request: socks5 host 91.189.89.100 port 443 command 1
debug2: channel 2: open confirm rwindow 2097152 rmax 32768
debug2: channel 2: read<=0 rfd 7 len 0
debug2: channel 2: read failed
debug2: channel 2: close_read
debug2: channel 2: input open -> drain
debug2: channel 2: ibuf empty
debug2: channel 2: send eof
debug2: channel 2: input drain -> closed
debug2: channel 2: rcvd eof
debug2: channel 2: output open -> drain
debug2: channel 2: obuf empty
debug2: channel 2: close_write
debug2: channel 2: chan_shutdown_write: shutdown() failed for fd 7: Transport endpoint is not connected
debug2: channel 2: output drain -> closed
debug2: channel 2: send close
debug3: channel 2: will not send data after close
debug2: channel 2: rcvd close
debug3: channel 2: will not send data after close
debug2: channel 2: is dead
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 12345 for 91.189.89.100 port 443, connect from 127.0.0.1 port 60535, nchannels 3
debug3: channel 2: status: The following connections are open:
  #2 direct-tcpip: listening port 12345 for 91.189.89.100 port 443, connect from 127.0.0.1 port 60535 (t4 r0 i3/0 o3/0 fd 7/7 cc -1)

Here is a failed connection, same https:// address, same ssh tunnel, using Firefox 7.0.1. Firefox is configured with all traffic proxied to 127.0.0.1 port 12345:

debug1: Connection to port 12345 forwarding to socks port 0 requested.
debug2: fd 7 setting TCP_NODELAY
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 424
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: dynamic-tcpip, nchannels 3
debug3: channel 2: status: The following connections are open:

Revision history for this message
Michael R. Crusoe (misterc) wrote :

Thanks mars for making feel a little less crazy :-) I don't have a remote host any more, so I won't be able to do further testing on this issue.

Revision history for this message
Māris Fogels (mars) wrote :

Installing the FoxProxy Firefox extension allowed the Firefox SOCKS proxy connection to start working. According to the SSH output the browser now sets up proxy connections just like curl does.

debug1: Connection to port 12345 forwarding to socks port 0 requested.
debug2: fd 7 setting TCP_NODELAY
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 3
debug2: channel 2: decode socks5
debug2: channel 2: socks5 auth done
debug2: channel 2: pre_dynamic: need more
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 27
debug2: channel 2: decode socks5
debug2: channel 2: socks5 post auth
debug2: channel 2: dynamic request: socks5 host 91.189.89.100 port 443 command 1
debug2: channel 2: open confirm rwindow 2097152 rmax 32768
debug1: Connection to port 12345 forwarding to socks port 0 requested.
debug2: fd 8 setting TCP_NODELAY
debug2: fd 8 setting O_NONBLOCK
debug3: fd 8 is O_NONBLOCK
debug1: channel 3: new [dynamic-tcpip]
debug2: channel 3: pre_dynamic: have 0
debug2: channel 3: pre_dynamic: have 3
debug2: channel 3: decode socks5
debug2: channel 3: socks5 auth done
debug2: channel 3: pre_dynamic: need more
debug2: channel 3: pre_dynamic: have 0
debug2: channel 3: pre_dynamic: have 27
debug2: channel 3: decode socks5
debug2: channel 3: socks5 post auth
debug2: channel 3: dynamic request: socks5 host 91.189.89.100 port 443 command 1
debug2: channel 3: open confirm rwindow 2097152 rmax 32768
debug2: channel 3: read<=0 rfd 8 len -1
debug2: channel 3: read failed
debug2: channel 3: close_read
debug2: channel 3: input open -> drain
debug2: channel 3: ibuf empty
debug2: channel 3: send eof
debug2: channel 3: input drain -> closed
debug2: channel 3: rcvd eof
debug2: channel 3: output open -> drain
debug2: channel 3: obuf empty
debug2: channel 3: close_write
debug2: channel 3: chan_shutdown_write: shutdown() failed for fd 8: Transport endpoint is not connected
debug2: channel 3: output drain -> closed
debug2: channel 3: rcvd close
debug3: channel 3: will not send data after close
debug2: channel 3: send close
debug2: channel 3: is dead
debug2: channel 3: garbage collecting
debug1: channel 3: free: direct-tcpip: listening port 12345 for 91.189.89.100 port 443, connect from 127.0.0.1 port 32956, nchannels 4
debug3: channel 3: status: The following connections are open:
  #2 direct-tcpip: listening port 12345 for 91.189.89.100 port 443, connect from 127.0.0.1 port 32955 (t4 r0 i0/0 o0/0 fd 7/7 cc -1)
  #3 direct-tcpip: listening port 12345 for 91.189.89.100 port 443, connect from 127.0.0.1 port 32956 (t4 r1 i3/0 o3/0 fd 8/8 cc -1)

Michael R. Crusoe (misterc)
Changed in openssh (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.