Bug#929681: openssh: port forwarding (-L option) stopped working

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#929681: openssh: port forwarding (-L option) stopped working
From: Gary Dale <gary@extremeground.com>
Date: Tue, 28 May 2019 11:42:44 -0400
Message-id: <[🔎] 155905816489.29065.17360308239006639920.reportbug@transponder.rahim-dale>
Reply-to: Gary Dale <gary@extremeground.com>, 929681@bugs.debian.org

Source: openssh
Version: 7.9
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

* What led up to the situation?
I'm running Debian/Testing on my workstation and using ssh port forwarding (-L option) to
connect to TightVNC servers on remote machines through a Debian/Stable server. I've been
doing this for a decade but it suddenly stopped working. My ssh command would be:
ssh <remote server public IP> -L 5902:<remote workstation local IP>:5900
and I would connect via a VNC viewer to localhost:5902.

The remote server public IP is actually a DD-WRT router with port 22 forwarded to the
Debian/Testing server. By varying the remote workstation local IP (all in the 192.168.1.*
range), I can connect to any specific remote workstation.

* What exactly did you do (or not do) that was effective (or ineffective)?
Sometime over the last week, this stopped working. My VNC viewer connections now all
eventually time out without connecting. However I can connect to a KVM virtual machine
running on the remote server using the Virtual Machine Manager GUI and connect using
the TightVNC viewer from it to the various workstations. This demonstrates that the
problem is not in the TightVNC servers.

I have also tried various VNC viewers and they also all fail, so the problem is not with
the viewer.

* What was the outcome of this action?
Since I can connect from the VM, the problem must be with the SSH tunnel. Because my
ssh session to the remote server is working, the problem appears to be with ports not
being forwarded.

* What outcome did you expect instead?
The problem has only been occuring for no more than 1 week, since I was able to connect
early last week.

*** End of the template - remove these template lines ***

-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Reply to:

Follow-Ups:
- Bug#929681: openssh: port forwarding (-L option) stopped working
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#929669: ssh: usability issue with -J and multiple jump hosts
Next by Date: Bug#929681: openssh: port forwarding (-L option) stopped working
Previous by thread: Processed: Re: Bug#929669: ssh: usability issue with -J and multiple jump hosts
Next by thread: Bug#929681: openssh: port forwarding (-L option) stopped working
Index(es):
- Date
- Thread