Close all remote forwards on loss of server connection

Author: NHAS

internal/client/client.go

@@ -580,6 +580,7 @@ func Run(addr, fingerprint, proxyAddr, sni string, winauth bool) {
 		})
 
 		sshConn.Close()
+		handlers.StopAllRemoteForwards()
 
 		if err != nil {
 			log.Printf("Server disconnected unexpectedly: %s\n", err)

internal/client/handlers/remoteforward.go

@@ -36,6 +36,17 @@ func GetServerRemoteForwards() (out []string) {
 	return out
 }
 
+func StopAllRemoteForwards() {
+	currentRemoteForwardsLck.Lock()
+	defer currentRemoteForwardsLck.Unlock()
+
+	for _, forward := range currentRemoteForwards {
+		go forward.Listener.Close()
+	}
+
+	clear(currentRemoteForwards)
+}
+
 func StopRemoteForward(rf internal.RemoteForwardRequest) error {
 	currentRemoteForwardsLck.Lock()
 	defer currentRemoteForwardsLck.Unlock()
@@ -132,27 +143,27 @@ func handleData(rf internal.RemoteForwardRequest, proxyCon net.Conn, sshConn ssh
 
 	b := ssh.Marshal(&drtMsg)
 
-	destination, reqs, err := sshConn.OpenChannel("forwarded-tcpip", b)
+	source, reqs, err := sshConn.OpenChannel("forwarded-tcpip", b)
 	if err != nil {
 		log.Println("Opening forwarded-tcpip channel to server failed: ", err)
 
 		return err
 	}
-	defer destination.Close()
+	defer source.Close()
 
 	go ssh.DiscardRequests(reqs)
 
 	log.Println("Forwarded-tcpip channel request sent and accepted")
 
 	go func() {
-		defer destination.Close()
+		defer source.Close()
 		defer proxyCon.Close()
-		io.Copy(destination, proxyCon)
+		io.Copy(source, proxyCon)
 
 	}()
 
 	defer proxyCon.Close()
-	_, err = io.Copy(proxyCon, destination)
+	_, err = io.Copy(proxyCon, source)
 
 	return err
 }

internal/server/sshd.go

@@ -272,7 +272,7 @@ func StartSSHServer(sshListener net.Listener, privateKey ssh.Signer, insecure, o
 			if err != ErrKeyNotInList {
 				err = fmt.Errorf("admin with supplied username (%s) denied login: %s", strconv.QuoteToGraphic(conn.User()), err)
 				if isUntrustWorthy {
-					err = fmt.Errorf("admin (%s) denied login: %s: cannot connect admins via pivoted server port (may result in allow list bypass)", strconv.QuoteToGraphic(conn.User()), err)
+					err = fmt.Errorf("admin (%s) denied login: cannot connect admins via pivoted server port (may result in allow list bypass)", strconv.QuoteToGraphic(conn.User()))
 				}
 				return nil, err
 			}
@@ -290,7 +290,7 @@ func StartSSHServer(sshListener net.Listener, privateKey ssh.Signer, insecure, o
 			if err != ErrKeyNotInList {
 				err = fmt.Errorf("user (%s) denied login: %s", strconv.QuoteToGraphic(conn.User()), err)
 				if isUntrustWorthy {
-					err = fmt.Errorf("user (%s) denied login: %s: cannot connect users via pivoted server port (may result in allow list bypass)", strconv.QuoteToGraphic(conn.User()), err)
+					err = fmt.Errorf("user (%s) denied login: cannot connect users via pivoted server port (may result in allow list bypass)", strconv.QuoteToGraphic(conn.User()))
 				}
 
 				return nil, err