mina-sshd icon indicating copy to clipboard operation
mina-sshd copied to clipboard

Published 20 hours ago verified publisher icon apache

ClientProxyConnector/sendClientProxyMetadata

Open Holger-Benz opened this issue 10 months ago • 3 comments

Version

2.12.1

Bug description

Hello dear Apache SSHD team,

I would like to have the apache sshd client connect through a SOCKS5 or HTTP Proxy.

Based on the eclipse jgit project we install a ClientProxyConnector that tells the session to divert all messages received to the proxy connector until the proxy protocol is finished.

If the client is to connect to the remote SFTP server, the connection to the proxy is established first. This connection setup is logged in the proxy's log files. The sendClientProxyMetadata method is then called and the proxy protocol data is sent using the method IoSession#writeBuffer().

The problem is that the proxy does not receive this data. A wireshark analysis has confirmed that no data is being sent to the proyy.

Do you have an idea what the problem might be?

Kind regards Holger Benz

Actual behavior

The ClientProxyConnector#sendClientProxyMetadata method is called and the proxy protocol data is sent via the method IoSession#writeBuffer()

According to the Wireshark analysis, no data is sent to the proxy.

Expected behavior

The data is sent via socket to the proxy

Relevant log output

No response

Other information

No response

Holger-Benz avatar Apr 09 '24 12:04 Holger-Benz

I don't have a setup where I could test this with 2.12.1. But with 2.12.0 the JGit way of doing this works fine in Eclipse.

I used ssh -vvv -D7020 localhost as local SOCKS proxy, and configured the proxy settings in Eclipse (in the preferences) as "manual" with localhost:7020 as SOCKS proxy without authentication. Then I fetched from some remote repository using EGit. SSH printed the forwarding request through the proxy in its debug output, and the fetch worked.

So it seems that the JGit implementation works. Why your version of it doesn't send the proxy protocol message is impossible to answer without seeing the code. I suppose you'll have to debug your code.

tomaswolf avatar Apr 09 '24 19:04 tomaswolf

I downloaded the JGitSshClient version 2.1.12 and tested the communication via a proxy and the communication worked!

The problem occurs when I configure the IOFactory for the JGitSshClient:

  • client.setIoServiceFactoryFactory(new MinaServiceFactoryFactory());

With the IOFactory (MinaServiceFactoryFactory), the proxy protocol data is not sent.

Holger-Benz avatar Apr 10 '24 12:04 Holger-Benz

Debug time :-)

I've used and tested this only in Eclipse, which uses the NIO2 transport. I have no idea why the MINA transport doesn't do the write.

tomaswolf avatar Apr 10 '24 18:04 tomaswolf