RemoteForward Dynamic Port Allocation

Hello, we have a server that appliances "in the field" SSH into with a config including:

        RemoteForward   127.0.0.1:0     127.0.0.1:22
        RemoteForward           0       127.0.0.1:443

so that our support desk can then use these forwards to access SSH and HTTPS on them. Note that the remote endpoint of one is limited to IPv4, while the other defaults to v4+v6; that's how we tell on the server which Port LISTENed on by a given sshd PID leads to the remote SSH and which to HTTPS.

Today, for the first time, we noticed that two logins had "dynamically allocated" the *same* port, one for SSH, one for HTTPS:

# ss -natp | grep 34014
LISTEN  0   128 127.0.0.1:34014      *:*   users:(("sshd",pid=22509,fd=9))
LISTEN  0   128     [::1]:34014   [::]:*   users:(("sshd",pid=22511,fd=10))

# ps -eo pid,lstart,cmd | egrep '(22509|22511) '
22509 Sun Jul  7 20:30:10 2024 sshd: <user>
22511 Sun Jul  7 20:30:10 2024 sshd: <user>

which successfully confused our detection mechanisms. (Access by the support staff is currently limited to IPv4, so they wanted to use the WebUI via the v4 port 34014 and the browser choked on the SSH server hello of the other appliance.)

Is there anything I can do to prevent a port number being double assigned like this?

(The server is, so far, a CentOS 7 with CentOS' OpenSSH packages.)

Thanks in advance,
--
Jochen Bern
Systemingenieur

Binect GmbH


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
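
A server-side check for the collision shown in the message above, as an added example (not part of the original post and not OpenSSH code): it parses `ss -natp` output, applies the post's rule (v4-only listener = SSH, v4+v6 listener = HTTPS) per sshd PID, and refuses to map any port number whose listeners belong to more than one PID. The function names and the sample lines for PID 22600 are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the two 34014 lines are from the post; the 22600 lines are constructed.
SAMPLE_SS = """\
LISTEN  0   128 127.0.0.1:34014      *:*   users:(("sshd",pid=22509,fd=9))
LISTEN  0   128     [::1]:34014   [::]:*   users:(("sshd",pid=22511,fd=10))
LISTEN  0   128 127.0.0.1:40122      *:*   users:(("sshd",pid=22600,fd=9))
LISTEN  0   128     [::1]:40122   [::]:*   users:(("sshd",pid=22600,fd=10))
LISTEN  0   128 127.0.0.1:41000      *:*   users:(("sshd",pid=22600,fd=11))
"""

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("sshd",pid=(?P<pid>\d+),'
)


def parse_listeners(ss_text):
    """Return {port: {pid: {"v4", "v6"}}} for sshd listening sockets."""
    ports = defaultdict(lambda: defaultdict(set))
    for line in ss_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an sshd LISTEN line
        family = "v6" if m["addr"].startswith("[") else "v4"
        ports[int(m["port"])][int(m["pid"])].add(family)
    return ports


def classify(ss_text):
    """Map each port to (service, [pids]); shared port numbers become 'ambiguous'."""
    result = {}
    for port, owners in parse_listeners(ss_text).items():
        if len(owners) > 1:
            # Same port number held by different sshd PIDs (one per address
            # family): a lookup keyed on the port alone would pick the wrong tunnel.
            result[port] = ("ambiguous", sorted(owners))
            continue
        pid, families = next(iter(owners.items()))
        if families == {"v4", "v6"}:
            service = "https"   # RemoteForward 0 -> v4+v6
        elif families == {"v4"}:
            service = "ssh"     # RemoteForward 127.0.0.1:0 -> v4 only
        else:
            service = "unknown"
        result[port] = (service, [pid])
    return result
```

Run against live output with `classify(subprocess.check_output(["ss", "-natp"], text=True))`; any port reported as `ambiguous` should be withheld from the support desk until the sessions reconnect.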
