[Bug 2273] New: The group of the tunnel device needs to match with the group of the connecting ssh user

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Sep 9 18:02:54 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2273

            Bug ID: 2273
           Summary: The group of the tunnel device needs to match with the
                    group of the connecting ssh user
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: joe9mail at gmail.com

Hello,

When a tun0 device is created with the below commands on the server:

$ id sshuser
uid=100(sshuser) gid=100(sshusers) groups=100(sshusers)

$ ip tuntap add dev tun0 mode tun user sshuser group users
$ ip link set dev tun0 up
$ ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2

and ssh is started with this command from the client:

$ ssh -NTC -w 0:0 -o Tunnel=point-to-point sshuser@<ip-address>

The error message is:

debug1: Remote: Failed to open the tunnel device.
.
.
.
channel 0: open failed: administratively prohibited: open failed
debug1: channel 0: free: tun, nchannels 1

If the group of the tun0 device is changed from "users" to "sshusers",
the above ssh connection works fine.

Thanks
Joe
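
The report's result implies that when a tun device has both an owner and a group set, the connecting user must match each of them. The following is an added example, not part of the original report or of OpenSSH, that checks a device before starting sshd tunnelling. It assumes the `/sys/class/net/<dev>/owner` and `group` attributes exposed by the Linux tun driver (where `-1` means unset); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report or OpenSSH.
# Hypothetical helper names: tun_access_ok, check_tun_device.
# Assumption (from the behaviour the report observes): every restriction set
# on the device, owner and group, must match the connecting user.
# A CAP_NET_ADMIN bypass is not modelled.

# tun_access_ok OWNER GROUP UID "GID GID ..."
# OWNER/GROUP are the device's restrictions (-1 = unset).
# Prints the reason; returns 0 when the user passes, 1 otherwise.
tun_access_ok() {
    owner=$1 group=$2 uid=$3 gids=$4
    if [ "$owner" != "-1" ] && [ "$owner" != "$uid" ]; then
        echo "owner mismatch: device owner=$owner, user uid=$uid"
        return 1
    fi
    if [ "$group" != "-1" ]; then
        for g in $gids; do
            if [ "$g" = "$group" ]; then
                echo "ok"
                return 0
            fi
        done
        echo "group mismatch: device group=$group, user gids=$gids"
        return 1
    fi
    echo "ok"
    return 0
}

# check_tun_device DEV USER: read the live values and apply the check.
# Returns 2 if the device's sysfs attributes cannot be read.
check_tun_device() {
    dev=$1 user=$2
    dev_owner=$(cat "/sys/class/net/$dev/owner") || return 2
    dev_group=$(cat "/sys/class/net/$dev/group") || return 2
    tun_access_ok "$dev_owner" "$dev_group" "$(id -u "$user")" "$(id -G "$user")"
}

# Constructed values mirroring the report: sshuser is uid 100 with gids "100".
# The report does not give the gid of "users"; 1000 is a placeholder.
#   tun_access_ok 100 1000 100 "100"   (device group "users": fails)
#   tun_access_ok 100 100  100 "100"   (device group "sshusers": passes)
# On a live system: check_tun_device tun0 sshuser
```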
