search

blinksh / blink

Blink Mobile Shell for iOS (Mosh based)
https://blink.sh
GNU General Public License v3.0
6.18k stars 576 forks source link

ProxyJump doesn't work when jump server has underscore in name #2008

Open brishav23 opened 6 months ago

brishav23 commented 6 months ago

Checklist

Configuration

Blink version: 17.2.2.868 iOS: 17.4.1 iPhone 13 Pro

Blink version: 17.3.0.895 iPadOS: 17.4.1 iPad Pro 11-inch (3rd gen, M1)

Describe the bug

When I try to use a host that has an underscore in its name to proxy jump, I get an error message. I managed to replicate this on my iPhone using the latest app store version and my iPad with the TestFlight version.

For example, with the following configuration:

Alias: host_jump
HostName: ...
Port: ...
User: ...
Alias: host
HostName: ...
Port: ...
User: ...
ProxyJump: host_jump

attempting to ssh host gives me the error message:

Error connecting to testvm. operationError(msg: "Failed to set option \'SSH_OPTIONS_PROXYJUMP\'")

However, if I change this to

Alias: hostjump
HostName: ...
Port: ...
User: ...
Alias: host
HostName: ...
Port: ...
User: ...
ProxyJump: hostjump

then I can connect as expected.

For what it's worth, if I use ProxyCommand instead like so:

Alias: host_jump
HostName: ...
Port: ...
User: ...
Alias: host
HostName: ...
Port: ...
User: ...
ProxyCommand: ssh -W %h:%p host_jump

then ssh host works just fine as well.

carloscabanero commented 6 months ago

I need to check this but we can get it fixed before final release for 17.3.0

carloscabanero commented 5 months ago

So here is the thing. Although underscores are allowed in domain names, they are still not allowed in Host Names. Host names are limited to letters-digits-hyphens. Libssh follows this convention, I'm not sure if OpenSSH does though. When we are the ones replacing it (on the ProxyCommand example you sent), this is not an issue as we consider that an "Alias" and not a Hostname.

That being said, one thing is what the rules say and another what people are actually doing. We may need to take this to upstream. For the time being, if you want to have underscores, just don't use them at the ProxyJump itself.

I'm gonna leave this for a later release because I don't know if the "underscore" may actually break other things within LibSSH for 17.3.0 and we are about to release. If the issues had been parsing on our side, I would have had no problem making the change. Hope that makes sense.

Resources https://git.libssh.org/projects/libssh.git/tree/src/misc.c#n2133 https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it/2183140#2183140

brishav23 commented 5 months ago

I see, that makes sense. Thanks for checking that out; it doesn't really affect the usefulness of the app anyway 😆 as for OpenSSH, the reason I opened the issue was because the same config (with underscores for the ProxyJump) worked fine on my Mac with OpenSSH, but I didn't realize that might have been an OpenSSH-specific thing

carloscabanero commented 5 months ago

One possible idea to solve this on the Blink side for the non-proxyjump case, is to actually resolve from our side before passing it down. Will test this out.