Bug 1366400
Summary: | openssh-server doesn't support unix socket forwarding | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Christopher Tubbs <ctubbsii> |
Component: | openssh | Assignee: | Jakub Jelen <jjelen> |
Status: | CLOSED ERRATA | QA Contact: | Stefan Dordevic <sdordevi> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.2 | CC: | nmavrogi, sdordevi, szidek |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openssh-7.4p1-1.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 18:42:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1341754 | ||
Bug Blocks: | 1377248 |
Description
Christopher Tubbs
2016-08-11 21:24:15 UTC
Thank you for filling the bug and investigating the case you are interested in. You are right. The feature is in openssh-6.7 and therefore not in the RHEL7. But bringing new features into RHEL needs proper justification, which is missing here. If you can provide proper business justification, please open a ticket with your regular Red Hat Support. As implied in the initial description, I think a primary use case is to improve security for cloud use cases by being able to forward gpg-agent securely, without having to trust the cloud provider to store a copy of the GPG credentials. I imagine there's other useful applications related to cloud. This feature allows you to connect unix services remotely over SSH. If by "proper business justification", you mean "who's paying the bill to motivate Red Hat to make the change?", I don't have one. I've provided a technical justification, which I think will benefit your EL7 customers, but I don't personally have a paid Red Hat support subscription. This RFE would be solved by rebase to current upstream or by backport of several patches from upstream: https://github.com/openssh/openssh-portable/commit/7acefbb (patch) https://github.com/openssh/openssh-portable/commit/0e4e955 (tests) https://github.com/openssh/openssh-portable/commit/a8a0f65 (documentation) https://github.com/openssh/openssh-portable/commit/79ec214 (documentation) quite a large patch, but in openssh-6.7, therefore not much diverged from the RHEL7. The patches contains also the regression test suite and documentation changes. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2029 |