Re: Issues with ssh_channel_accept_forward() and reverse port forwarding
- Subject: Re: Issues with ssh_channel_accept_forward() and reverse port forwarding
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 12 Apr 2023 11:39:14 +0200
- To: libssh@xxxxxxxxxx
On 4/12/23 11:36, Jakub Jelen wrote:

Oh, my bad. This request is about server side. But the client side should be very similar though. Please, open a new issue tracking this. Or MR if you would like to contribute the changes.

On 4/10/23 23:29, Orion Poplawski wrote:

> It appears from reading
> https://api.libssh.org/stable/libssh_tutor_forwarding.html that in order to
> implement reverse port forwarding one must continually call
> ssh_channel_accept_forward() in order to accept any possible connections from
> the remote side. Is this correct? It presents a couple challenges:
>
> * It's a very inefficient method - polling vs. event driven
> * It can generate a huge amount of log messages as ssh_channel_accept() logs
>   an error every time it is called and there is nothing to accept:
>
> [2023/04/10 12:17:34.044502, 1] ssh_channel_accept: No channel request of this type from server
>
> See also https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1421
>
> So:
>
> * If polling is indeed the only mechanism available here, libssh should not be
>   emitting an error in this case. Possibly a DEBUG or TRACE level message
>   instead, but honestly enabling it for anything like x2goclient that does
>   continual polling will just swamp the logs.
> * Is there a possibility of implementing a callback method to accept remote
>   connections?

From what I read, this is about the client side logs. I think downgrading the message to DEBUG or TRACE would be the least thing we can do and it sounds like a reasonable solution. Do you want to open a merge request?

Regarding the polling, the tutorial is quite dated so it does not provide any information about the connectors and callbacks. Right now, there are x11 and auth_agent callbacks available in the channels. Adding a similar handler into the ssh_execute_client_request() for handling SSH_CHANNEL_FORWARDED_TCPIP should not be hard.

I think the reason it is not there yet is that nobody asked for that before or nobody implemented this.

Skimming through the issue tracker, there is a request for this actually, even with a patch, but it will require some work and test coverage to get merged:

https://gitlab.com/libssh/libssh-mirror/-/issues/43

Regards.
-- 
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.
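
One client-side way to keep a polling loop from swamping the logs while the message is still emitted at its current level, as an added example (not code from this thread or from libssh): a log callback with the same parameter list as libssh's `ssh_logging_callback` that collapses the idle-accept message into periodic summary lines. The struct, the function names and the replayed log lines are constructed for illustration; with libssh the callback would be registered through `ssh_set_log_callback()` and its state passed with `ssh_set_log_userdata()`.

```c
#include <stdio.h>
#include <string.h>

/* Message text taken from the log line quoted in the thread. */
#define IDLE_ACCEPT_MSG "No channel request of this type from server"

struct log_filter {            /* hypothetical helper type */
    FILE *out;                 /* destination for lines that pass the filter */
    unsigned long every;       /* one summary per `every` idle polls, 0 = none */
    unsigned long idle_polls;  /* idle-accept messages seen so far */
    unsigned long emitted;     /* lines actually written to `out` */
};

/* Parameter list matches libssh's ssh_logging_callback. */
void filtered_log(int priority, const char *function,
                  const char *buffer, void *userdata)
{
    struct log_filter *f = userdata;
    const char *fn = function ? function : "?";

    if (buffer && strstr(buffer, IDLE_ACCEPT_MSG)) {
        f->idle_polls++;
        if (f->every == 0 || f->idle_polls % f->every != 0)
            return;            /* drop the repeated line */
        fprintf(f->out, "[%d] %s: %lu idle accept polls so far\n",
                priority, fn, f->idle_polls);
    } else {
        /* Everything else is passed through unchanged. */
        fprintf(f->out, "[%d] %s: %s\n", priority, fn, buffer ? buffer : "");
    }
    f->emitted++;
}

/* Replays constructed traffic: `polls` idle accepts, then one other line. */
unsigned long replay(struct log_filter *f, unsigned long polls)
{
    for (unsigned long i = 0; i < polls; i++)
        filtered_log(1, "ssh_channel_accept",
                     "ssh_channel_accept: " IDLE_ACCEPT_MSG, f);
    filtered_log(1, "example_fn", "constructed: unrelated warning", f);
    return f->emitted;
}

int main(void)
{
    struct log_filter f = { stderr, 1000, 0, 0 };
    unsigned long written = replay(&f, 2500);
    printf("%lu lines written for %lu idle polls\n", written, f.idle_polls);
    return 0;
}
```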