OpenSSH Security bug: port forwarding
Pekka Savola
pekkas at netcore.fi
Tue Nov 21 00:24:49 EST 2000
On Mon, 20 Nov 2000, Peter Berger wrote:
> Hi. OpenSSH 2.3.0p1 exhibits the following behavior on Linux 2.2.5. I
> believe this is a bug. Can anyone else replicate this?
>
> On any given SSH machine (let's call it 'test'), start ssh like
> this:
>
> ./ssh -L2526:mail.blah.com:25 -f mail.blah.com sleep 1000
>
> (where mail.blah.com is some machine running sendmail, you have a login
> account, etc.)
>
> In a just world (and this works with f-secure SSH1), you should be able to
> do this on test:
>
> telnet 127.0.0.1 2526
>
> and connect to mail.blah.com port 25 over the secure channel. This works.
>
> But if I am sitting on -some other machine- and type:
>
> telnet test.blah.com 2526
Works fine for me (RHL 7.0, 2.4 kernel, the latest ssh-2.3.0p2 snapshot;
also tested RHL 6.0, 2.2.16-3 kernel, ssh-2.3.0p1):
---
debug: Connections to local port 2526 forwarded to remote address netcore.fi:25
debug: Local forwarding listening on 127.0.0.1 port 2456.
---
---
tcp 0 0 127.0.0.1:2526 0.0.0.0:* LISTEN
---
You haven't defined GatewayPorts in ssh configuration by mistake, have
you?
--
Pekka Savola "Tell me of difficulties surmounted,
Pekka.Savola at netcore.fi not those you stumble over and fall"
More information about the openssh-unix-dev
mailing list