Subject: remote listener with port 0 bug?

From: Przemysław Szczygielski <>
Date: Thu, 8 Sep 2011 15:05:10 +0200


While it is perfectly legal to call libssh2_channel_forward_listen_ex with
port=0, which will make the SSH server assign the first free port and return
the assigned port in the last variable of the procedure, and this call does
indeed work, setting the mentioned variable to the port assigned by the
remote server, somewhere down the road forwarding of this port fails.

When the port gets allocated, SSHd says:

debug1: server_init_dispatch_20
debug1: server_input_global_request: rtype tcpip-forward want_reply 1
debug1: server_input_global_request: tcpip-forward listen port 0
debug1: Local forwarding listening on port 0.
debug1: Allocated listen port 37840
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on :: port 37840.
debug1: channel 1: new [port listener]

And everything seems ok, as the last argument of
libssh2_channel_forward_listen_ex is set to 37840. But then when trying to
connect to port 37840 on the SSH server, I get:

debug1: Connection to port 0 forwarding to port 0 requested.
debug1: channel 2: new [forwarded-tcpip]
channel 2: open failed: administratively prohibited: Forward not requested
debug1: channel 2: free: forwarded-tcpip: listening port 0 for port 0, connect from port 56883, nchannels 3

Note that "administratively prohibited" means "prohibited by the client".
I've investigated it once for my own SSH packet (that does exactly the same
as libssh2_channel_forward_listen_ex but disregards requested remote port
altogether), and as far as I can remember the error is caused because of a
mismatch between what got allocated (37830) and what libssh2 thinks the port
is (0). I think it was somewhere in packet.c...

If this got somehow fixed in newer releases, then sorry.

Received on 2011-09-08
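
The mismatch described in the message above, as an added example that is not part of the original post and is not libssh2 code: a simplified client-side listener table that reads the bound port from the RFC 4254 tcpip-forward reply and checks an incoming forwarded-tcpip open against it. The names listener_add and forwarded_open_check, the table layout and the sample reply bytes are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SSH_MSG_REQUEST_SUCCESS 81              /* RFC 4254 message number */
#define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED 1  /* RFC 4254 reason code */
#define MAX_LISTENERS 8

/* Hypothetical listener record: what was asked for and what the server bound. */
struct listener { uint32_t requested; uint32_t bound; int used; };
static struct listener table[MAX_LISTENERS];

static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Record a tcpip-forward request. For port 0 the bound port is taken from the
 * reply (byte SSH_MSG_REQUEST_SUCCESS, uint32 port). Returns slot or -1. */
int listener_add(uint32_t requested, const uint8_t *reply, size_t len) {
    uint32_t bound = requested;
    if (len < 1 || reply[0] != SSH_MSG_REQUEST_SUCCESS) return -1;
    if (requested == 0) {
        if (len < 5) return -1;                 /* truncated: no port field */
        bound = get_u32(reply + 1);
        if (bound == 0 || bound > 65535) return -1;
    }
    for (int i = 0; i < MAX_LISTENERS; i++)
        if (!table[i].used) {
            table[i] = (struct listener){ requested, bound, 1 };
            return i;
        }
    return -1;
}

/* Decide on an incoming forwarded-tcpip open for `port`.
 * use_bound = 0 models a client that kept only the requested port (0). */
int forwarded_open_check(uint32_t port, int use_bound) {
    for (int i = 0; i < MAX_LISTENERS; i++) {
        uint32_t known = use_bound ? table[i].bound : table[i].requested;
        if (table[i].used && known == port) return 0;   /* accept */
    }
    return SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
}

int main(void) {
    /* Constructed reply carrying port 37840 (0x000093D0). */
    const uint8_t reply[] = { 81, 0x00, 0x00, 0x93, 0xD0 };
    listener_add(0, reply, sizeof reply);
    printf("stale port: %d, bound port: %d\n",
           forwarded_open_check(37840, 0), forwarded_open_check(37840, 1));
    return 0;
}
```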