Ssh tunnel not reused when it as a node of proxychain

[lovitus]

Hello dear dev

I had tried to use ssh as first node of proxychain, like

-forward ssh://...,ss://...

what it gone wrong

• After about ten minutes, glider shows "two many open files" . The I maximized the limit by ulimit command

• and then I noticed I couldn't login the remote server anymore (the ssh service)

• the pic was the number of connections , it shown 700 cons, and I guess it was stopped because the server was down

environment

• latest version of glider
• macos Catalina
• the glider listen port only used by Firefox (only two tabs)

My concern

• Is that the app not reuse the ssh tunnel when in proxychain
• is that always a new ssh session created
• is that any option to fix this problem like reuse ,or timeout

Sorry for my English and thanks for your excellent app.

[nadoo]

Hi @lovitus, thanks for your report! How about running with only ssh forwarders(without proxy chain), -forward ssh://...

Maybe it's bug in the ssh client, Ref: #299

[lovitus]

Hi @lovitus, thanks for your report! How about running with only ssh forwarders(without proxy chain), -forward ssh://...

Maybe it's bug in the ssh client, Ref: #299

Hello , Author .
Thanks for your answer, I've tried to separate the protocols by

glider --listen :100 --forward 'ssh://**'
glider --listen :101 --forward 'socks5://lo:100,ss://***'

But I still got no luck, the connections only increasing.
I know you mean to try to use Only SSH to avoid the issue, but in this scene , the SSH Server only can be a relay or forwarder for another protocol.
Hope this issue can be fixed in an easy way, and sorry that I'm not able to contribute codes.

[nadoo]

glider-linux.zip

Hi @lovitus , you can try the attachment to see whether it helped.

[lovitus]

glider-linux.zip

Hi @lovitus , you can try the attachment to see whether it helped.

It's working perfectly on Linux, will use one TCP connection for all traffic.

But, I've found a new problem , if the connection down for less or more than 1minute, glider will quit with panic rather than retry

2021/12/06 12:05:39 server.go:87: [socks5] 192.168.3.4:57729 <-> 2.2.2.2:14443 via 1.1.1.1:22
2021/12/06 12:05:39 server.go:87: [socks5] 192.168.3.4:57731 <-> 2.2.2.2:14443 via 1.1.1.1:22
2021/12/06 12:05:55 server.go:87: [socks5] 192.168.3.4:57787 <-> 2.2.2.2:14443 via 1.1.1.1:22
2021/12/06 12:06:08 ssh.go:97: [ssh]: dial to 1.1.1.1:22 error: dial tcp :0->1.1.1.1:22: connect: connection refused
2021/12/06 12:06:08 server.go:82: [socks5] 192.168.3.4:57844 <-> 2.2.2.2:14443 via 1.1.1.1:22, error in dial: dial tcp :0->1.1.1.1:22: connect: connection refused
2021/12/06 12:06:14 ssh.go:97: [ssh]: dial to 1.1.1.1:22 error: dial tcp :0->1.1.1.1:22: connect: connection refused
2021/12/06 12:06:14 server.go:82: [socks5] 192.168.3.4:57867 <-> 2.2.2.2:14443 via 1.1.1.1:22, error in dial: dial tcp :0->1.1.1.1:22: connect: connection refused
2021/12/06 12:06:20 ssh.go:103: [ssh]: initial connection to 1.1.1.1:22 error: ssh: handshake failed: read tcp 192.168.1.10:41237->1.1.1.1:22: read: connection reset by peer
2021/12/06 12:06:20 server.go:82: [socks5] 192.168.3.4:57896 <-> 2.2.2.2:14443 via 1.1.1.1:22, error in dial: ssh: handshake failed: read tcp 192.168.1.10:41237->1.1.1.1:22: read: connection reset by peer
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x66d534]

goroutine 1284 [running]:
golang.org/x/crypto/ssh.(*Client).dial(0xc000098140, {0xc000026760, 0x7}, 0x0, {0xc00006a090, 0xb}, 0x386b)
        /Users/nadoo/go/pkg/mod/golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e/ssh/tcpip.go:422 +0x154
golang.org/x/crypto/ssh.(*Client).Dial(0x0, {0x790e02, 0x0}, {0xc00006a090, 0xc00006a090})
        /Users/nadoo/go/pkg/mod/golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e/ssh/tcpip.go:350 +0xfd
github.com/nadoo/glider/proxy/ssh.(*SSH).Dial(0xc00001e360, {0x790e02, 0x3}, {0xc00006a090, 0x11})
        /Users/nadoo/Codes/go/glider/proxy/ssh/ssh.go:115 +0xf2
github.com/nadoo/glider/rule.(*Forwarder).Dial(0xc00001e300, {0x790e02, 0xc000026709}, {0xc00006a090, 0xc00092cd08})
        /Users/nadoo/Codes/go/glider/rule/forward.go:112 +0x33
github.com/nadoo/glider/rule.(*FwdrGroup).Dial(0xc00010e500, {0x790e02, 0x3}, {0xc00006a090, 0x11})
        /Users/nadoo/Codes/go/glider/rule/group.go:104 +0x5a
github.com/nadoo/glider/rule.(*Proxy).Dial(0xc00030e5a0, {0x790e02, 0x3}, {0xc00006a090, 0x11})
        /Users/nadoo/Codes/go/glider/rule/proxy.go:62 +0x4c
github.com/nadoo/glider/proxy/socks5.(*Socks5).Serve(0xc0000741e0, {0x80a580, 0xc000180288})
        /Users/nadoo/Codes/go/glider/proxy/socks5/server.go:80 +0x2fa
github.com/nadoo/glider/proxy/mixed.(*Mixed).Serve(0xc00007ef90, {0x80ab00, 0xc00000e198})
        /Users/nadoo/Codes/go/glider/proxy/mixed/mixed.go:98 +0x29b
created by github.com/nadoo/glider/proxy/mixed.(*Mixed).ListenAndServe
        /Users/nadoo/Codes/go/glider/proxy/mixed/mixed.go:77 +0x305
[uhome@bnode /tmp]$

[nadoo]

glider-linux.zip

Hi @lovitus , the attachment was built with optimization, you can try it if you have some time.

[lovitus]

glider-linux.zip

Hi @lovitus , the attachment was built with optimization, you can try it if you have some time.

after tested it by "tcpkill reset / iptables drop and reject", no problem found.
no crash during any circumstance, and connection keeping only 1 established tcp.
Thanks very much for your time and effort,cant wait too see the new release.