Julian Edwards wrote:
> As far as I can tell, there's nothing actually going wrong here. I am
> interested in the two examples' different error messages though, why is
> one:
It's the difference in the forwarding direction (the -R vs. -L switch
when using openssh-client).
> Warning: remote port
On Mon, 13 Dec 2010 10:50:57 -, Julian Edwards <689...@bugs.launchpad.net>
wrote:
> As far as I can tell, there's nothing actually going wrong here. I am
> interested in the two examples' different error messages though, why is
> one:
>
> Warning: remote port forwarding failed for listen por
As far as I can tell, there's nothing actually going wrong here. I am
interested in the two examples' different error messages though, why is
one:
Warning: remote port forwarding failed for listen port 8666
and the other:
channel 1: open failed: unknown channel type: unknown channel
?
** Tags
@Andrew - probably so; I'm glad that you guys are on top of this.
Would it be prudent to log the error and the offending activity, perhaps
by user? That would at least give you an idea if people are poking at it
and decide if it's worth filing a bug upstream?
I agree that this is a lot better tha
Saying so would be nice I guess, but I don't think it's particularly
important.
The current implementation/configuration is that Launchpad's use of the
Twisted Conch library explicitly overrides the channelLookup dict to
only have 'session'. So when the client tries to open a direct-tcpip
channel
@kees - its not being offered, its being denied (at a late stage sure,
but thats largely due to the code layering involved; would be
wonderful to make conch much prettier and less confusing.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubun
@andrew - I'm not clear on that either - what seems clear is that if
it's administratively prohibited, it should probably say so.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/689213
Title:
PPA sshd
I don't think the server does offer port forwarding. In the first
example the client sends a tcpip-forward request, and the server rejects
it. In the second example, the client asks to open a direct-tcpip
channel, and again the server rejects it. As far as I can see from RFC
4254 TCP/IP port for
@Jelmer - exactly; it's either a bug in Twisted or a config issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/689213
Title:
PPA sshd configuration
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.
I'm not sure that Conch is behaving very differently here from openssh
configured with the suggested options. OpenSSH says
"channel 2: open failed: administratively prohibited: open failed"
where conch is saying
"channel 1: open failed: unknown channel type: unknown channel"
but that's it, AFA
The point is that poppy offers port forwarding (for no reason
whatsoever) and that widens the overall attack surface.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/689213
Title:
PPA sshd configurati
@lifeless: the point was that port forwarding was offered at all. It
shouldn't work (and it appears not to, but the errors seem later than I
would expect from an SSH service that would reject them).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
marking public, nothing private here.
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/689213
Title:
PPA
13 matches
Mail list logo