X forwarding fails due to to wrong exception handling in sshd
Hi SSH-fans,
I've got a strange problem forwarding X to a crowded server. Both systems are Ubuntu Xenial based, OpenSSH version is 7.2p1. I think, it's a Linux specific bug in sshd.
When connecting with "ssh -X", sshd tries to find a usable TCP port starting at 6000+X11DisplayOffset. After it _seems to have_ found one (which means bind() no longer fails with EADDRINUSE), it tries to listen() which fails with EADDRINUSE on two of my servers.
Instead of handling this by trying the next port, sshd gives up and X forwarding fails (although the SSH-connection is established). According to "man 2 listen" listen() failing after successfully bind()ing is a valid exception in Linux.
The problem seems to be located in channels.c in x11_create_display_inet(). The loop looking for free ports only tests, if bind() succeeds. After the loop, listen() is called, an error is printed ("listen: Address already in use") and x11_create_display_inet() exits unsuccessfully.
I tried to report it to <openssh-unix-dev@mindrot.org> but I'm not a member and didn't find a way to become one. Sending it to <openssh@openssh.com> is most likely not a good idea since <https://man.openbsd.org/listen.2> shows that EADDRINUSE is not an expected error in OpenBSD's listen() call.
Is it possible to fix this with a patch in the debian package? I'd gladly provide the patch but I'm not a C developer and sshd is most likely a risky thing to touch without experience.
Best regards,
Frank Burkhardt
Reply to: