TCP alias rejecting uppercase letters #237

Closed
blop opened this issue Jun 29, 2022 · 11 comments

@blop

blop commented Jun 29, 2022

Hello,

It seems that the named TCP alias feature doesn't accept any uppercase letter.

The following commands are working:

ssh -R local:22:127.0.0.1:22 sish.server
ssh -R loc-al:22:127.0.0.1:22 sish.server
ssh -R local123:22:127.0.0.1:22 sish.server

The following commands are NOT working ("remote port forwarding failed for listen port"):

ssh -R Local:22:127.0.0.1:22 sish.server
ssh -R locAl:22:127.0.0.1:22 sish.server
ssh -R LOCAL:22:127.0.0.1:22 sish.server

As hostnames are case-insensitive and we need to avoid collisions, shouldn't sish just lowercase the user input instead of throwing an error? (Same for -L tunnels.)

Thank you!

Olivier

@antoniomika
Owner

Hey @blop,

Hrm this is actually how the functionality is currently implemented (and works for me as well). What version of sish are you running?

PS: hope you’ve been well! Haven’t seen you around here in a bit!

Best,

@blop
Author

blop commented Jun 29, 2022

I'm fine thank you ;)
And our sish instance is running great too !

We are currently using the docker image antoniomika/sish:2.3.0.
I didn't check the latest releases yet ;-)

It might be related to our config ?

--ssh-address=*.*.*.*:22
--tcp-address=*.*.*.*
--http-address=*.*.*.*:80
--https-address=*.*.*.*:443
--https=true
--https-certificate-directory=/https-certificates
--redirect-root=true
--redirect-root-location=https://****/
--admin-console
--admin-console-token=****
--private-keys-directory=/private-keys/
--authentication
--authentication-keys-directory=/authentication-keys/
--authentication-password=""
--domain=****
--bind-hosts=****
--bind-random-aliases=false
--bind-random-ports=false
--bind-random-subdomains=false
--force-requested-aliases
--force-requested-ports
--force-requested-subdomains
--force-tcp-address
--tcp-aliases
--cleanup-unauthed=true
--cleanup-unauthed-timeout=30s
--idle-connection=true
--idle-connection-timeout=1h
--verify-ssl=false

@antoniomika
Owner

Awesome, good to hear!

I see the issue now, it's because of force-requested-aliases. That function also needs to lowercase the addresses (which it wasn't). I pushed the fix and it'll be released as v2.4.1!

@blop
Author

blop commented Jun 29, 2022

Thank you !
It works in 2.4.1.

@blop
Author

blop commented Dec 1, 2022

@antoniomika It seems to be broken again since version 2.5.0, and still in 2.8.1 :o

WARNING: Server requests forwarding for unknown listen_port 22
ssh: rejected: administratively prohibited (open failed)

antoniomika reopened this Dec 2, 2022
@antoniomika
Owner

Should be fixed in v2.9.1!

@blop
Author

blop commented Dec 12, 2022

@antoniomika Still not working in v2.9.1 :'(

@antoniomika
Owner

ssh -R aSDF:22:localhost:22 ssi.sh
Press Ctrl-C to close the session.

Starting SSH Forwarding service for tcp:22. Forwarded connections can be accessed via the following methods:
TCP Alias: asdf:22

Connection to ssi.sh closed by remote host.
Connection to ssi.sh closed.

Works for me! What's the configuration you're using?

@blop
Author

blop commented Dec 12, 2022

It fails when trying to actually connect to the TCP alias, not when setting it up.

Tunnel side we get:
WARNING: Server requests forwarding for unknown listen_port 22
ssh: rejected: administratively prohibited (open failed)

Client side we get:
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

Same configuration as above ;-)

@antoniomika
Owner

@blop Now this is fixed :)

@blop
Author

blop commented Dec 20, 2022

Yeah! It's working fine in v2.9.2 ;-)
Thanks !
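
A sketch of the handling this thread converges on, added here as an example and not sish's own code: aliases are compared in lowercase so that `Local` and `local` cannot be bound by two different tunnels, while the address the client originally requested is kept for the forwarded channel, as the referenced commit title "Use original address for forwarded channel" describes. `AliasRegistry`, `Forward` and the other names are hypothetical, and the code assumes the SSH client matches incoming forwards against the exact string it sent.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrAliasTaken is returned when an alias:port pair is already bound in any case.
var ErrAliasTaken = errors.New("alias already in use")

// Forward is one remote forward. Requested keeps the bind address exactly as
// the client sent it (assumption: the client matches on that exact string).
type Forward struct {
	Requested string
	Port      uint32
}

// AliasRegistry (hypothetical name) maps a lowercased "alias:port" key to its
// forward. It is not goroutine-safe; a server would guard it with a mutex.
type AliasRegistry map[string]Forward

func key(alias string, port uint32) string {
	return fmt.Sprintf("%s:%d", strings.ToLower(alias), port)
}

// Register binds alias:port and rejects a second claim differing only by case.
func (r AliasRegistry) Register(alias string, port uint32) error {
	k := key(alias, port)
	if _, taken := r[k]; taken {
		return ErrAliasTaken
	}
	r[k] = Forward{Requested: alias, Port: port}
	return nil
}

// Lookup resolves a connecting user's alias case-insensitively. The returned
// Requested field is the address to put in the forwarded channel open.
func (r AliasRegistry) Lookup(alias string, port uint32) (Forward, bool) {
	f, ok := r[key(alias, port)]
	return f, ok
}

func main() {
	reg := AliasRegistry{}
	fmt.Println(reg.Register("Local", 22)) // first claim succeeds
	fmt.Println(reg.Register("LOCAL", 22)) // same alias, different case
	fmt.Println(reg.Lookup("local", 22))   // resolves to the "Local" forward
}
```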

widhaprasa added a commit to widhaprasa/sish that referenced this issue May 27, 2024
commit f381389
Author: Antonio Mika <me@antoniomika.me>
Date:   Tue Apr 30 16:52:08 2024 -0400

    Update deps (antoniomika#302)

    * Update deps

    * Use bufio reader

    * Revert "Use bufio reader"

    This reverts commit c8003d4.

    * Print peeked info

    * Revert "Revert "Use bufio reader""

    This reverts commit ff656b0.

    * Fixed sni reading

    * Handle sni based unix conn better

commit 81e4350
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri Apr 19 09:36:38 2024 -0400

    Bump golang.org/x/net from 0.22.0 to 0.23.0 (antoniomika#301)

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0.
    - [Commits](golang/net@v0.22.0...v0.23.0)

    ---
    updated-dependencies:
    - dependency-name: golang.org/x/net
      dependency-type: indirect
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 7ad6956
Author: Antonio Mika <me@antoniomika.me>
Date:   Fri Mar 8 08:56:04 2024 -0500

    Enable the use of environment vars (antoniomika#300)

commit 9f3f566
Author: Antonio Mika <me@antoniomika.me>
Date:   Thu Mar 7 18:33:15 2024 -0500

    Update to go 1.22 and use multilistener (antoniomika#298)

    * Update to go 1.22 and use multilistener

    * Update

    * Updates

    * Set ports for tcp addresses properly

    * Fix address separator

    * Fixes

    * Update multilistener

    * Cleanup rogue log

commit d0511c4
Author: Eric Bower <me@erock.io>
Date:   Thu Mar 7 09:13:34 2024 -0500

    chore: update pdocs to latest (antoniomika#295)

    * chore: update pdocs to latest

    * design: sidebar

commit 3ad5105
Author: Eric Bower <me@erock.io>
Date:   Tue Feb 13 10:24:03 2024 -0500

    feat(docs): sitemap with links for headers (antoniomika#292)

commit c64d009
Author: Dominik Konik <dkonik@dkonik.com>
Date:   Mon Feb 12 23:08:27 2024 -0500

    Fix typo in comment (antoniomika#294)

commit e8c56f6
Author: Antonio Mika <antoniomika@gmail.com>
Date:   Mon Jan 29 10:30:04 2024 -0500

    Fix docs build

commit 97edc2e
Author: Antonio Mika <antoniomika@gmail.com>
Date:   Mon Jan 29 10:26:41 2024 -0500

    Run go mod tidy

commit 0c4f193
Author: Eric Bower <me@erock.io>
Date:   Mon Jan 29 10:17:13 2024 -0500

    feat: docs site (antoniomika#286)

    * feat: docs site

    * docs: copy

    * chore(docs): update cli post

    * revert

    * chore: go.mod

commit 6892112
Author: Antonio Mika <me@antoniomika.me>
Date:   Tue Jan 23 11:32:29 2024 -0500

    Initial work on private aliases (antoniomika#291)

    * Initial work on private aliases

    * Ensure the current user is allowed to access the alias

    * Print the self ssh fingerprint

    * Add pubkeyfingerprint to alias log line

    * Start conn with self allowed for tcp aliases

    * Cleanup

commit 4ed4208
Author: Antonio Mika <me@antoniomika.me>
Date:   Thu Oct 12 16:20:01 2023 -0400

    Pin golang to major.minor.patch (antoniomika#284)

    * Pin golang to major.minor.patch

    * Update package deps

commit 7ca0808
Author: Antonio Mika <me@antoniomika.me>
Date:   Wed Oct 11 19:49:44 2023 -0400

    Update golang versions. Supersedes up antoniomika#282 (antoniomika#283)

commit b89a463
Author: Antonio Mika <me@antoniomika.me>
Date:   Mon Oct 9 14:48:00 2023 -0400

    Set conn deadline to both reads and writes (antoniomika#281)

commit 56816e6
Author: Antonio Mika <me@antoniomika.me>
Date:   Sat Oct 7 20:14:32 2023 -0400

    Updated go deps and general package work (antoniomika#279)

    * Updated go deps and general package work

    * Update used go version to 1.21

    * feat: wildcard support

    * Fixed lint

    * feat: auto redirect to https

    * Use proper hostname in redirect

    * Add wildcards to sni proxy

    * Ensure wildcard isn't too greedy and fix sni on https port

    * Code cleanup

    ---------

    Co-authored-by: Son Nguyen <sonntuet1997@gmail.com>

commit 62dec83
Author: Antonio Mika <antoniomika@gmail.com>
Date:   Tue Dec 20 13:31:17 2022 -0500

    Use original address for forwarded channel. Fix antoniomika#237

commit c54d681
Author: Antonio Mika <antoniomika@gmail.com>
Date:   Mon Dec 12 12:04:17 2022 -0500

    Force lower case aliases and subdomains

commit 4b5c2db
Author: Antonio Mika <me@antoniomika.me>
Date:   Mon Dec 12 10:56:14 2022 -0500

    Update ci/cd and deps (antoniomika#262)

    * Update ci/cd and deps

    * Fix build args

commit a8236e5
Author: Antonio Mika <me@antoniomika.me>
Date:   Tue Oct 25 10:20:34 2022 -0400

    Fixed http override port (antoniomika#256)

    * Fixed http override port

    * Cleanup references used for establishing tunnels

    * Removed short flag from authentication-key-request-url

commit fe2b1c2
Author: Roshan Jobanputra <3818834+rjobanp@users.noreply.github.com>
Date:   Fri Oct 21 12:04:10 2022 -0400

    Add authentication-key-request-url option  (antoniomika#247)

    * Add authentication-key-request-url option to allow validation of ssh public key auth via an http POST request to a separate application

    * Switch to using JSON body in request and include username & remote address of client.

commit bcd6911
Author: Sabri Eyuboglu <32822771+seyuboglu@users.noreply.github.com>
Date:   Fri Oct 21 09:02:58 2022 -0700

    Add a check to the gcloud DNS record instructions (antoniomika#251)

    Add commands for checking that the DNS records were set up correctly. Inspired by the issue antoniomika#250

commit 9696686
Author: Antonio Mika <me@antoniomika.me>
Date:   Fri Oct 21 11:44:48 2022 -0400

    Added streaming for httpmuxer (antoniomika#255)

    * Added streaming for httpmuxer

    * Fix gzip response checking

commit 890c931
Author: Antonio Mika <antoniomika@gmail.com>
Date:   Mon Oct 17 12:17:52 2022 -0400

    Added full route identifiers

commit 7aecd2d
Author: Artem Ivanov <ivanovart@users.noreply.github.com>
Date:   Sun Sep 11 18:56:59 2022 +0200

    fix ondemand cert issuing (antoniomika#243)

commit c49a1ca
Author: Antonio Mika <me@antoniomika.me>
Date:   Sun Sep 11 12:55:54 2022 -0400

    Fixed acme tls-alpn challenges (antoniomika#244)

    * Fixed acme tls-alpn challenges

    * Return connection to default handler if unable to read hello

    * Fix peek check

    * Simplify dockerfile and update dependencies

    * Cleanup build cache requirements

commit b8ab4cf
Merge: 8f44621 3768d42
Author: Antonio Mika <me@antoniomika.me>
Date:   Wed Aug 24 11:41:25 2022 -0400

    Merge pull request antoniomika#241 from antoniomika/am/upgrade-go-1-19

    Updated sish to go 1.19

commit 3768d42
Author: Antonio Mika <antoniomika@gmail.com>
Date:   Wed Aug 24 11:26:25 2022 -0400

    Update dependencies

commit 58df1cd
Author: Antonio Mika <antoniomika@gmail.com>
Date:   Wed Aug 24 11:13:16 2022 -0400

    Updated sish to go 1.19

commit 8f44621
Author: Tim Krins <timkrins@gmail.com>
Date:   Wed Aug 24 16:10:36 2022 +0100

    Expanded debug logging, fix deprecations (antoniomika#240)

    * Add debug messages for aborted requests

    * Don't use %s for Println

    * Fix deprecated ioutil calls

    * Fix incorrect leading spaces for comment

    * Add debug-interval option

    * Align debug logging syntax with existing error logging

    * Fix linting errors, fix status logging

    * Ensure debug-interval is not zero

commit 4a28b9e
Author: Antonio Mika <me@antoniomika.me>
Date:   Fri Aug 5 22:22:38 2022 -0400

    Update gcloud.md

    Closes antoniomika#238