Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Force IPV4 on cygwin ssh-agent connections #1344

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

zawata
Copy link

@zawata zawata commented Nov 15, 2023

After upgrading to node18, our SSH connections from windows started failing and I determined that the failure was caused by git-for-windows' ssh-agent listening on the ipv4 loopback address while ssh2 was attempting to connect to the ipv6 loopback address and failing as a result.

The change in node18 that causes this bug is the following:
nodejs/node#39987
which causes node to resolve addresses in the order that windows provides them rather than forcing ipv4 addresses to come first. This causes node's net implementation to use the ipv6 loopback address by default instead of the ipv4 loopback address like previously.

The unix-socket-emulation layer behind cygwin/msys2/git-for-windows binds directly to the ipv4 loopback address and doesn't appear to be able to bind to an ipv6 address:
https://github.com/git-for-windows/msys2-runtime/blob/be826601df87b13be6038bb7e23a01d92be7ef07/winsup/cygwin/fhandler/socket_local.cc#L802
hence just forcing the ip instead of something more substantial.

We use a wrapper around ssh2 which doesn't handle this error as gracefully as modern versions of SSH2 which throw this error:

cb(new Error('Problem negotiating cygwin unix socket security'));

Our wrapper would instead just crash the node process which was much harder to track down.

After upgrading to node18, our SSH connections from windows started failing and it was determined that the failure was caused by git-for-windows ssh-agent listeneing on the ipv4 loopback address while ssh2 was attempting to connect to the ipv6 loopback address and crashing as a result.

Since this address comes from cygwin's unix domain socket emulation implementation, I'm not sure there's any way to change or influence its local address preference.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant