Port Forward Limit?
Todd Morgan
bamamorgans at gmail.com
Sat Sep 27 22:22:41 EST 2014
Damien,
We use opensuse and centos at my office and are using the openssh
provided by the OS repo. There was a lot more output from the
backtrace. I will get that to you.
On 09/26/2014 04:51 PM, Damien Miller wrote:
On Fri, 26 Sep 2014, Todd Morgan wrote:
At my company we use port forwarding as an alternative to VPN. In previous
releases of openssh (pre 6.0) we could run a script and fetch the thousands
of forwards to our local machine to connect to remote machines. Since
openssh 6.x, whenever we run the same script we get a bufferoverflow error.
----
debug1: channel 4577: new [port listener]
debug1: channel 4578: new [client-session]
debug1: Requesting [1]no-more-sessions at openssh.com
debug1: Entering interactive session.
*** buffer overflow detected ***: ssh terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f3516baf8f7]
/lib64/libc.so.6(+0x10bac0)[0x7f3516badac0]
/lib64/libc.so.6(+0x10d867)[0x7f3516baf867]
ssh(+0x26825)[0x7f3519304825]
ssh(+0x2aece)[0x7f3519308ece]
ssh(+0x12d05)[0x7f35192f0d05]
ssh(+0xb3ee)[0x7f35192e93ee]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f3516ac3af5]
ssh(+0xc289)[0x7f35192ea289]
----
I assume this is a security measure to thwart overflow attacks. I've tried
utilizing multiplexing, but received the same type of buffer overflow.
Are there any settings that I can change to allow for more forwards? At the
moment we have a work around to only pull back ports in batches but that
isn't a long term solution.
Any advice would be appreciated. Thanks
It looks like it is crashing inside libc, but it is hard to tell. Did
you build OpenSSH yourself? If so, could you try compiling with debugging
symbols enabled (ensure -g is in Makefile CFLAGS, "make clean; make").
Then try to run ssh under a debugger, e.g. from your build directory
gdb --args ./ssh user at host
When it crashes, enter "bt" to get a backtrace. That should give us a good
start to figure out what is going wrong.
-d
References
1. mailto:no-more-sessions at openssh.com
More information about the openssh-unix-dev
mailing list