Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 133112 - openssh remote port binding weakness
Summary: openssh remote port binding weakness
Status: VERIFIED DUPLICATE of bug 133115
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Linux bug wranglers
URL:
Whiteboard:
Keywords:
: 133116 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-05-12 06:03 UTC by norbert kamenicky
Modified: 2006-05-12 08:15 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description norbert kamenicky 2006-05-12 06:03:09 UTC
I wanted to give http access to my VoIP phone to users on remote LAN ...


  MyPhone --- MyFirewall ===== internet ====== RemoteFirewall --- LAN
        \___________________________________________________/
                          tunel

I run this as noro@MyFirewall:

  ssh -R RemoteFirewallLanIP:12345:MyPhone:80  RemoteFirewall

Now I check what's happened on RemoteFirewall:

  netstat -ln | grep 12345

and received this output:

  tcp  0   0 0.0.0.0:12345     0.0.0.0:*       LISTEN
          ^^^^^^^^^^
but expected this:

  tcp  0   RemoteFirewallLanIP:12345     0.0.0.0:*       LISTEN
            ^^^^^^^^^^
i.e. it look's like I run the command:

 ssh -R \*:12345:MyPhone:80   RemoteFirewall

which is a bug


Notes:
- on both ends is kernel 2.6.16-gentoo-r6 and openssh-4.3_p2-r1
- if I allow input to port 12345 on public interface on Remote firewall, it's
  really possible to connect to the phone !!!
- if GatewayPorts option is disabled (default), port binds only to localhost,    which is correct
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-05-12 06:18:11 UTC
> if GatewayPorts option is disabled (default), port binds only to localhost,   

I'd suggest to read the fine manual:

man 5 sshd_config

<snip>
GatewayPorts

Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded
ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be ``no'' to force remote port forwardings to be
available to the local host only, ``yes'' to force remote port forwardings to bind to the wildcard address, or ``clientspecified'' to allow the client to select the address to which the forwarding is bound.  The default is              ``no''.
</snip>

So - where exactly is the bug?
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-05-12 06:28:02 UTC
*** Bug 133115 has been marked as a duplicate of this bug. ***
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2006-05-12 06:28:09 UTC
*** Bug 133116 has been marked as a duplicate of this bug. ***
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-05-12 08:15:17 UTC
Reopen to redupe.
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2006-05-12 08:15:30 UTC

*** This bug has been marked as a duplicate of 133115 ***
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2006-05-12 08:15:44 UTC
.