Bug 190141

Summary: sshd port forwarding stopped working as of glibc-2.3.6-3.
Product: [Fedora] Fedora Reporter: Jeff Groves <jgroves>
Component: glibcAssignee: Jakub Jelinek <jakub>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: high Docs Contact:
Priority: medium    
Version: 4CC: eric.brunet, jgroves, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-05-03 12:32:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Putty ssh client logging
none
Log file from running -ddd parameter with sshd
none
Testcase none

Description Jeff Groves 2006-04-27 22:48:57 UTC 
Description of problem:
Previously, on the same machine, I was able to create ssh connections to my
server and use the port forwarding to access systems on my local network.  

After my last yum update on April 21 where glibc-2.3.6-3 was installed (along
with a few other things), sshd port forwarding now longer works.  I now get the
error:

Forwarded connection refused by server: Administratively prohibited [open failed]


Version-Release number of selected component (if applicable):
glibc-2.3.6-3

How reproducible:
Errors out every time now.

Steps to Reproduce:
1.  yum update to get glibc-2.3.6-3 and other items
2.  try to use the port forwarding when connecting to the updated server
3.  receive error message 
  
Actual results:
Forwarded connection refused by server: Administratively prohibited [open failed]


Expected results:

I expected to be able to connect to other machines on my local network as I have
been able to until April 21.

Additional info:

I check the open-ssh project web site and found no references to this issue there.
Comment 1 Tomas Mraz 2006-04-28 15:33:32 UTC 
I'm sorry but I cannot reproduce this problem here.

Which client version do you use?

Could you try to run the server with sshd -ddd and attach the debug output here?
Could you do the same on client? (ssh -vvv ....)
Comment 2 Jeff Groves 2006-04-29 23:24:19 UTC 
This is actually using PuTTy version 0.58 as my client.  I've also used the
current development tip version of PuTTy with the same negative results.

I'll put together th requested -ddd and -vvv output files tomorrow when I have a
spare moment -- might be kind of hard to get the -vvv files or the equivalent
since I'm using PuTTy though.  We'll see.

Thanks,

Jeff G.
Comment 3 Jeff Groves 2006-05-02 05:29:09 UTC 
Created attachment 128467 [details]
Putty ssh client logging
Comment 4 Jeff Groves 2006-05-02 05:30:25 UTC 
Created attachment 128468 [details]
Log file from running -ddd parameter with sshd
Comment 5 Jeff Groves 2006-05-02 05:34:12 UTC 
Upon further investigation, this issue where forwarding isn't happening is when
I specify the host using its DNS name.  If I specify an IP address, then the
forwarding works OK.

I would be the first to point a finger at my DNS configuration, but this all
worked just fine before I did the April 21 yum update.  Also, DNS name
resolution to IP address works fine on the server and the client machines with
other applicaitons.

Thanks,

Jeff G.
Comment 6 Tomas Mraz 2006-05-02 07:32:36 UTC 
What prints 'host webcam2.test.org' when you run it on the server?
Comment 7 Jeff Groves 2006-05-02 09:41:45 UTC 
Please note that I text replaced my domain name with "test.org" log files that I
posted after I ran the tests.  I made this change for privacy reasons.  With
that being said, I've run the test that you requested and again made the same
change afterwards:

$ host webcam2.test.org
webcam2.test.org has address 192.168.0.121


This DNS name translation to IP address is correct.
Comment 8 Tomas Mraz 2006-05-02 11:41:32 UTC 
Created attachment 128478 [details]
Testcase

Can you try compiling and running this testcase as './testgai webcam2.test.org
80'?
Comment 9 Éric Brunet 2006-05-02 17:45:59 UTC 
I don't think it is a problem of sshd, but of the glibc.
I have similar problems with other programs when using glibc-2.3.6-3 on my i386 fc4:

scp -P 22 somehost:x .     fails with a "System error"
scp       somehost:x .     succeeds
scp -P 22 someip:x .       succeeds
(somehost is the full qualified host name, someip is number.number.number.number)
(note that ssh works in all configuration)

ncftp somehost             fails with a "segmentation fault"
ncftp someip               succeeds

yum list (or update, etc)  fails with "Cannot find a valid baseurl for repo..."
                           obviously, it could not fetch the mirror list.

nxclient    (from NoMachine) fails also with a "System error"

All of this works nicely if I downgrade glibc to 2.3.5-10.3

I don't have any named running. My resolv.conf contains three nameserver lines
and a "search localdomain" line. "host somehost" works correctly, and
"./testgai webcam2.test.org 80" gives "getaddrinfo succeeded".

I am back to using glibc-2.3.5 to have a usable system. I can make some more
test, but I need to "upgrade" glibc, make the tests and downgrade it. It would
be nice if you could batch the tests you ask me to do...
Comment 10 Tomas Mraz 2006-05-02 17:58:02 UTC 
-> glibc
Comment 11 Jeff Groves 2006-05-02 18:32:28 UTC 
Results of testcase execution below:

  $ ./testgai webcam2.test.org 80
  getaddrinfo succeeded


Thanks,

Jeff G.
Comment 12 Jakub Jelinek 2006-05-03 12:32:22 UTC 
Just remove nisplus from your nsswitch.conf.

*** This bug has been marked as a duplicate of 186592 ***
Comment 13 Jeff Groves 2006-05-03 23:17:42 UTC 
I can confirm that removing the nisplus entries from my /etc/nsswitch.conf file
is a valid work-around to resolve this issue.

Thanks,

Jeff g.