RemoteForward 127.0.0.1:0 127.0.0.1:22
RemoteForward 0 127.0.0.1:443
so that our support desk can then use these forwards to access SSH and HTTPS on them. Note that the remote endpoint of one is limited to IPv4, while the other defaults to v4+v6; that's how we tell on the server which Port LISTENed on by a given sshd PID leads to the remote SSH and which to HTTPS.
Today, for the first time, we noticed that two logins had "dynamically allocated" the *same* port, one for SSH, one for HTTPS:
# ss -natp | grep 34014
LISTEN 0 128 127.0.0.1:34014 *:* users:(("sshd",pid=22509,fd=9))
LISTEN 0 128 [::1]:34014 [::]:* users:(("sshd",pid=22511,fd=10))
# ps -eo pid,lstart,cmd | egrep '(22509|22511) '
22509 Sun Jul 7 20:30:10 2024 sshd: <user>
22511 Sun Jul 7 20:30:10 2024 sshd: <user>
which successfully confused our detection mechanisms. (Access by the support staff is currently limited to IPv4, so they wanted to use the WebUI via the v4 port 34014 and the browser choked on the SSH server hello of the other appliance.)
Is there anything I can do to prevent a port number being double assigned like this?
(The server is, so far, a CentOS 7 with CentOS' OpenSSH packages.)

Thanks in advance,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
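The address-family heuristic described in the message, extended to flag a port whose IPv4 and IPv6 loopback listeners belong to different sshd PIDs. This is an added example, not part of the original message or of OpenSSH; the function names and the sample lines for PID 30000 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# First two lines are the listeners quoted in the message; the PID 30000
# lines are constructed to show a healthy pair of forwards for comparison.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:34014 *:* users:(("sshd",pid=22509,fd=9))
LISTEN 0 128 [::1]:34014 [::]:* users:(("sshd",pid=22511,fd=10))
LISTEN 0 128 127.0.0.1:40001 *:* users:(("sshd",pid=30000,fd=9))
LISTEN 0 128 127.0.0.1:40002 *:* users:(("sshd",pid=30000,fd=10))
LISTEN 0 128 [::1]:40002 [::]:* users:(("sshd",pid=30000,fd=11))
"""

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>127\.0\.0\.1|\[::1\]):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("sshd",pid=(?P<pid>\d+),fd=\d+\)\)')

def parse_listeners(ss_output):
    """Return {port: {"v4": pid, "v6": pid}} for sshd loopback listeners."""
    ports = defaultdict(dict)
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            family = "v4" if m["addr"] == "127.0.0.1" else "v6"
            ports[int(m["port"])][family] = int(m["pid"])
    return dict(ports)

def classify(ss_output):
    """Map each sshd PID to its SSH/HTTPS forward ports and list collisions."""
    by_pid = defaultdict(lambda: {"ssh": None, "https": None})
    collisions = []
    for port, fam in sorted(parse_listeners(ss_output).items()):
        v4, v6 = fam.get("v4"), fam.get("v6")
        if v4 is not None and v6 is not None and v4 != v6:
            # Same port number held by two sessions: the v4 side is one
            # session's SSH forward, the v6 side another's HTTPS forward.
            collisions.append((port, v4, v6))
            by_pid[v4]["ssh"] = port
            by_pid[v6]["https"] = port
        elif v6 is not None:
            by_pid[v6]["https"] = port  # has a v6 listener: "RemoteForward 0"
        else:
            by_pid[v4]["ssh"] = port    # v4 only: "RemoteForward 127.0.0.1:0"
    return dict(by_pid), collisions

if __name__ == "__main__":
    sessions, collisions = classify(SAMPLE_SS)
    for port, v4_pid, v6_pid in collisions:
        print(f"port {port}: IPv4 -> sshd {v4_pid}, IPv6 -> sshd {v6_pid}")
```

A session listed in `collisions` has its HTTPS forward reachable only over `[::1]`, so a lookup that hands out the IPv4 side of that port lands on the other session's SSH forward.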