Port Forward Limit?

Todd Morgan bamamorgans at gmail.com
Sat Sep 27 06:01:49 EST 2014


At my company we use port forwarding as an alternative to VPN. In previous
releases of openssh (pre 6.0) we could run a script and fetch the thousands
of forwards to our local machine to connect to remote machines. Since
openssh 6.x, whenever we run the same script we get a buffer overflow error.

----
debug1: channel 4577: new [port listener]
debug1: channel 4578: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
*** buffer overflow detected ***: ssh terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f3516baf8f7]
/lib64/libc.so.6(+0x10bac0)[0x7f3516badac0]
/lib64/libc.so.6(+0x10d867)[0x7f3516baf867]
ssh(+0x26825)[0x7f3519304825]
ssh(+0x2aece)[0x7f3519308ece]
ssh(+0x12d05)[0x7f35192f0d05]
ssh(+0xb3ee)[0x7f35192e93ee]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f3516ac3af5]
ssh(+0xc289)[0x7f35192ea289]
----

I assume this is a security measure to thwart overflow attacks. I've tried
utilizing multiplexing, but received the same type of buffer overflow.

Are there any settings that I can change to allow for more forwards? At the
moment we have a workaround to only pull back ports in batches but that
isn't a long-term solution.

Any advice would be appreciated. Thanks

-Todd Morgan


More information about the openssh-unix-dev mailing list