[Bug 2272] Global PermitTunnel Yes required to connect to a tunnel
https://bugzilla.mindrot.org/show_bug.cgi?id=2272 joe9m...@gmail.com changed: What|Removed |Added CC||joe9m...@gmail.com -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2272] New: Global PermitTunnel Yes required to connect to a tunnel
https://bugzilla.mindrot.org/show_bug.cgi?id=2272 Bug ID: 2272 Summary: Global PermitTunnel Yes required to connect to a tunnel Product: Portable OpenSSH Version: 6.6p1 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-b...@mindrot.org Reporter: joe9m...@gmail.com Hello, When a tun0 device is created with the below commands on the server: ip tuntap add dev tun0 mode tun user sshuser group sshusers ip link set dev tun0 up ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2 and ssh is started with this command from the client: ssh -NTC -w 0:0 -o Tunnel=point-to-point sshuser@ip-address Working extract from sshd_config: PermitTunnel yes Match User sshuser PermitTunnel yes NOT Working extract from sshd_config (below is the message): PermitTunnel no Match User sshuser PermitTunnel yes The error message with a -v is: debug1: Remote: Server has rejected tunnel device forwarding Thanks Joe -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2273] New: The group of the tunnel device needs to match with the group of the connecting ssh user
https://bugzilla.mindrot.org/show_bug.cgi?id=2273 Bug ID: 2273 Summary: The group of the tunnel device needs to match with the group of the connecting ssh user Product: Portable OpenSSH Version: 6.6p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-b...@mindrot.org Reporter: joe9m...@gmail.com Hello, When a tun0 device is created with the below commands on the server: $ id sshuser uid=100(sshuser) gid=100(sshusers) groups=100(sshusers) $ ip tuntap add dev tun0 mode tun user sshuser group users $ ip link set dev tun0 up $ ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2 and ssh is started with this command from the client: $ ssh -NTC -w 0:0 -o Tunnel=point-to-point sshuser@ip-address The error message is: debug1: Remote: Failed to open the tunnel device. . . . channel 0: open failed: administratively prohibited: open failed debug1: channel 0: free: tun, nchannels 1 If the group of the tun0 device is changed from users to sshusers, the above ssh connection works fine. Thanks Joe -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2273] The group of the tunnel device needs to match with the group of the connecting ssh user
https://bugzilla.mindrot.org/show_bug.cgi?id=2273 joe9m...@gmail.com changed: What|Removed |Added CC||joe9m...@gmail.com -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Bug 2266 depends on bug 2273, which changed state. Bug 2273 Summary: The group of the tunnel device needs to match with the group of the connecting ssh user https://bugzilla.mindrot.org/show_bug.cgi?id=2273 What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching the assignee of the bug. You are watching the reporter of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Damien Miller d...@mindrot.org changed: What|Removed |Added Depends on||2273 -- You are receiving this mail because: You are watching the reporter of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2272] Global PermitTunnel Yes required to connect to a tunnel
https://bugzilla.mindrot.org/show_bug.cgi?id=2272 Damien Miller d...@mindrot.org changed: What|Removed |Added CC||d...@mindrot.org Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #1 from Damien Miller d...@mindrot.org --- Yes, that's working as intended. sshd should refuse tunnel connections unless the administrator has explicitly configured it. This is already mentioned in the sshd_config manual. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 934] Traverse-only directories (e.g. chmod 110) break the cd command in sftp
https://bugzilla.mindrot.org/show_bug.cgi?id=934 Simon Deziel si...@sdeziel.info changed: What|Removed |Added CC||si...@sdeziel.info -- You are receiving this mail because: You are the assignee for the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2267] Host matching uses modified hostname as well as original
https://bugzilla.mindrot.org/show_bug.cgi?id=2267 Simon Deziel si...@sdeziel.info changed: What|Removed |Added CC||si...@sdeziel.info -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs