[Bug 2273] New: The group of the tunnel device needs to match with the group of the connecting ssh user
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Sep 9 18:02:54 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2273
Bug ID: 2273
Summary: The group of the tunnel device needs to match with the
group of the connecting ssh user
Product: Portable OpenSSH
Version: 6.6p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: joe9mail at gmail.com
Hello,
When a tun0 device is created with the below commands on the server:
$ id sshuser
uid=100(sshuser) gid=100(sshusers) groups=100(sshusers)
$ ip tuntap add dev tun0 mode tun user sshuser group users
$ ip link set dev tun0 up
$ ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
and ssh is started with this command from the client:
$ ssh -NTC -w 0:0 -o Tunnel=point-to-point sshuser@<ip-address>
The error message is:
debug1: Remote: Failed to open the tunnel device.
.
.
.
channel 0: open failed: administratively prohibited: open failed
debug1: channel 0: free: tun, nchannels 1
If the group of the tun0 device is changed from "users" to "sshusers",
the above ssh connection works fine.
Thanks
Joe
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list