aws-samples / aws-iot-securetunneling-localproxy

AWS IoT Secure Tunneling local proxy reference C++ implementation
https://docs.aws.amazon.com/iot/latest/developerguide/what-is-secure-tunneling.html
Apache License 2.0

Secure Tunnel locks up eventually #49

Closed Lard4 closed 3 years ago

Lard4 commented 3 years ago

Describe the bug

The tunnel completely locks up and the SSH session hangs (can't even ctrl-c) after an indeterminate amount of time (or data transfer). The only way to get out of the lockup is to delete the tunnel in the AWS console and restart the entire connection again.

To Reproduce

Steps to reproduce the behavior:

  1. create a tunnel
  2. open both ends
  3. ssh into the destination
  4. eventually the session will freeze. the quickest way to reproduce seems to be by running a program that just prints a ton of data to the screen. the lockup also happens relatively frequently when using vim after some time (sometimes 5 seconds in one vim session, sometimes dozens of minutes through multiple vim sessions)

Expected behavior

the tunnel opens and works properly until it times out or gets closed or deleted.

Actual behavior

it locks up after some time and needs to be recreated.

Logs

N/A. the tunnel does not output anything abnormal to the logs.

Environment (please complete the following information):

N/A

kareali commented 3 years ago

This seems like an issue with the underlying SSH agent, and SSH session freeze is a relatively common issue with Raspberry Pi. Can you try SSHing directly (without a tunnel or localproxy) from the same source to the same Raspberry Pi to see if it also freezes?

kareali commented 3 years ago

I tried this on my machine to see if I can reproduce it

  1. Build localproxy natively for mac
  2. from terminal A run:
    export AWSIOT_TUNNEL_ACCESS_TOKEN=<SOURCE_TOKEN>
    ./localproxy -s 5555 -r us-west-2 -v 5
  3. From terminal B run:
    export AWSIOT_TUNNEL_ACCESS_TOKEN=<SOURCE_TOKEN>
    ./localproxy -d 22 -r us-west-2 -v 5
  4. From terminal C run:
    ssh $USER@localhost -p 5555
    # Print the localproxy binary, it's about 5 MB so I figured it should be big enough
    cat localproxy
  5. Waited until the print is over, and it was not frozen.

kareali commented 3 years ago

Closing the issue due to inactivity.