Bug #4183

(sshd) Unable to forward TCP port

Added by Rome Novikov about 4 years ago. Updated about 4 years ago.

Status:NewStart date:2013-10-06
Priority:UrgentDue date:
Assignee:OI illumos% Done:

0%

Category:OS/Net (Kernel and Userland)
Target version:-
Difficulty:Medium Tags:ssh

Description

Hi! I'm trying to forward a TCP port from localhost of the remote server to the local machine using SSH. After the SSH connection is established I try to use the forwarded port but the tunnel is not working and a get the following error in /var/adm/messages : Oct 6 13:27:12 hisoft-oisrvh01 sshd1543: [ID 800047 auth.error] error: setsockopt TCP_NODELAY: Invalid argument
Nevertheless the telnet shows that the tunneling connection is established - I can put lines as many as I want but respondless.. And I see no warnings in terminal. X11 connections work Ok - I can use GUI-applications remotely (with -X).
So I put the "AllowTcpForwarding yes" option into sshd_config and restarted sshd but useless.
I don't know if it is a new security feature or a bug but the ssh-tunneling is a main thing I use for my work..
Please help me to resolve the problem - it's very important at least for my job...

History

#1 Updated by Rome Novikov about 4 years ago

I've install openssh from csw - the same result..

#2 Updated by Rome Novikov about 4 years ago

So as a workaround I've found a temporary solution. Obviously this issue is because there are some troubles with implementing IPv6. It somehow helps if the IPv6 support of sshd is disabled.
Thanks the authors of the following messages http://forums.servethehome.com/solaris-nexenta-openindiana-napp/2064-esxi-omnios-vm-problem-portforwarding-tcp_nodelay-invalid-argument.html
So I made the next changes:
"Modifiy: /lib/svc/method/sshd
Find the line "/usr/lib/ssh/sshd" and change it to "/usr/lib/ssh/sshd -4"

Then edit "/etc/ssh/sshd_config" and comment
out "ListenAddress ::" and uncomment "ListenAddress 0.0.0.0"

Execute "svcadm restart ssh" and you are good to go."

After that if I forward an unexisting remote socked onto local machine - I'll get the hanging relult for the local application (such as rdesktop, telnet) without any breaking the connection or any messages in my console. But if the remote socked exists - I have my rdp-terminal worked properly.

#3 Updated by Ken Mays about 4 years ago

  • Tags changed from needs-triage to ssh
  • Assignee set to OI illumos
  • Category set to OS/Net (Kernel and Userland)

Also available in: Atom