Hello All--

First, thanks for ControlPath/ControlMaster. It's very handy, and
ControlMaster=autoask is just what i wanted!

I'm having difficulty with a common use case, however. I want to
LocalForward on secondary connections using an already-established
ControlPath. From what i can tell, the second ssh connection doesn't
report any errors, but silently ignores the supplied LocalForward

Is this an expected behavior? from man ssh_config(5), i see that:

X11 and ssh-agent(1) forwarding is supported over these
multiplexed connections, however the display and agent fowarded
will be the one belonging to the master connection i.e. it is not
possible to forward multiple displays or agents.

But i couldn't find any reference to whether LocalForward (or for that
matter, RemoteForward or DynamicForward) should work or not work with
multiplexed connections.

For my purposes, it would be fine if the master connection opened the
new forwarded port, instead of the secondary connection, as long as
the secondary one could initiate the forwarding. I'd like for the
secondary to be able to tear it down when it's done too, of course,
but i could do without that for now.

Here's an example of an attempt which appears to fail for me, with a
bit of debugging verbosity thrown in:

("5th" is a host with an IMAP server answering on the loopack address)

[dkg@squeak ~]$ ssh -Nf -MS ~/.ssh/controls/fubar -L 9999:localhost:143 5th true
[dkg@squeak ~]$ ssh -vvv -Nf -S ~/.ssh/controls/fubar -L 8888:localhost:143 5th true
OpenSSH_4.2p1 Debian-5.dkg0, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /home/dkg/.ssh/config
debug1: Applying options for 5th
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: auto-mux: Trying existing master
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
debug2: Received exit status from master 0
debug2: Received EOF from master
[dkg@squeak ~]$ nmap -p 8888,9999 localhost

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-11-11 00:04 EST
Interesting ports on localhost.localdomain (
8888/tcp closed sun-answerbook
9999/tcp open abyss

Nmap finished: 1 IP address (1 host up) scanned in 0.141 seconds
[dkg@squeak ~]$

As you can see, the initial LocalForward (over localhost port 9999)
works just fine, but the second attempted connection (port 8888) never
happens and just mysteriously goes away without complaint.

Any suggestions or insight you have would be appreciated.

As you can see, i'm using a slightly-modified debian openssh 4.2p1-5
(only ./configure flags were changed to include opensc support) on a
debian etch/sid system. If this works on other platforms or with
other build options, i'd be happy to hear about it.

Thanks again for this great tool,


openssh-unix-dev mailing list