[Bug 1952] New: Local port forwarding does not work in a particular combination of conditions.

bugzilla-daemon at bugzilla.mindrot.org
Tue Nov 29 18:39:24 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1952

             Bug #: 1952
           Summary: Local port forwarding does not work in a particular
                    combination of conditions.
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.8p1
          Platform: Itanium
        OS/Version: HP-UX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: seifer1983 at gmail.com


OS:
HP-UX B.11.31 U 9000/80 or HP-UX B.11.31 ia64 

Related SSH Version: 
Found on 5.8p1.  I also found this problem on 5.3p1 and 5.6p1, so it
may be in all versions.

Steps to reproduce:

1. Update /etc/nsswitch.conf to not resolve "ipnodes" from dns.  You could
set it to resolve "ipnodes" from files, nis, or both.  I used files in my
test.

hosts:        dns [NOTFOUND=continue] nis [NOTFOUND=continue] files
ipnodes:      files
networks:     nis [NOTFOUND=continue] files


2. Start SSHD on a private port, e.g. 51220, with the configuration below.
Directory "/adamroot" is set up with the proper privileges.

Match User adam
ChrootDirectory /adamchroot

3. Start any TCP server application listening on a specific port
number.  I used another SSHD listening on port 51230.

4. On the same machine, start a local port forwarding session. Forward
51230 to local port 51232.

# ssh -L 51232:localhost:51230 -N -f -l adam -p 51220 localhost

5. Start a TCP client app and connect to the TCP server started in step 3
through the forwarded port from step 4.  I used the ssh client in my
test.

# ssh -l user1 -p 51232 localhost

Step 5 will fail, and the tunneling session from step 4 will dump the
message below.

channel 2: open failed: administratively prohibited: open failed

When I ran SSHD in debug mode and tested again, I got the log below.

...
connect_to localhost: unknown host (host nor service provided, or not
known)
debug1: server_input_channel_open: failure direct-tcpip
...

It looks like SSHD cannot resolve "localhost" in this particular
condition.

You could use any other TCP C/S app to reproduce the problem as long as
you are able to configure the target host name and listening port.

Note that if you use a non-matching account in step 4 to set up
tunneling, i.e. any account other than "adam" in my test, you will not
hit this problem.
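
An added example, not part of the original report or of OpenSSH: a Python script that pairs each "server_input_channel_open: failure" line in sshd debug output with a preceding "connect_to ...: unknown host" line, so a forwarding failure caused by name resolution on the server can be told apart from one with no logged cause. The function names, the record fields and the second failure in the sample are assumptions made for illustration.

```python
import re

# Message formats taken from the two log lines quoted in the report.
UNKNOWN_HOST = re.compile(
    r"connect_to (?P<host>\S+): unknown host \((?P<reason>.*)\)")
OPEN_FAILURE = re.compile(
    r"server_input_channel_open: failure (?P<ctype>\S+)")

# Constructed sample: the report's excerpt (wrapped mid-line, as mailed),
# followed by one made-up failure with no resolver error before it.
SAMPLE_LOG = """\
connect_to localhost: unknown host (host nor service provided, or not
known)
debug1: server_input_channel_open: failure direct-tcpip
debug1: server_input_channel_open: failure direct-tcpip
"""

def unwrap(lines):
    """Rejoin a log line that was wrapped inside an open '(...)'."""
    buf = ""
    for line in lines:
        buf = f"{buf} {line.strip()}" if buf else line.strip()
        if buf.count("(") > buf.count(")"):
            continue  # parenthesis still open: keep joining
        yield buf
        buf = ""
    if buf:
        yield buf

def classify_open_failures(log_text):
    """Return one record per channel-open failure, with its cause if logged."""
    results, pending = [], None
    for line in unwrap(log_text.splitlines()):
        m = UNKNOWN_HOST.search(line)
        if m:
            pending = m.groupdict()  # resolver error seen; failure follows
            continue
        m = OPEN_FAILURE.search(line)
        if m:
            cause = "name-resolution" if pending else "unexplained"
            results.append({"ctype": m["ctype"], "cause": cause, **(pending or {})})
            pending = None
    return results

if __name__ == "__main__":
    for record in classify_open_failures(SAMPLE_LOG):
        print(record)
```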
