Bug 190141 - sshd port forwarding stopped working as of glibc-2.3.6-3.
Summary: sshd port forwarding stopped working as of glibc-2.3.6-3.
Keywords:
Status: CLOSED DUPLICATE of bug 186592
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 4
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-04-27 22:48 UTC by Jeff Groves
Modified: 2007-11-30 22:11 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-05-03 12:32:22 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Putty ssh client logging (33.60 KB, application/octet-stream)
2006-05-02 05:29 UTC, Jeff Groves
no flags Details
Log file from running -ddd parameter with sshd (15.46 KB, text/plain)
2006-05-02 05:30 UTC, Jeff Groves
no flags Details
Testcase (631 bytes, text/plain)
2006-05-02 11:41 UTC, Tomas Mraz
no flags Details

Description Jeff Groves 2006-04-27 22:48:57 UTC
Description of problem:
Previously, on the same machine, I was able to create ssh connections to my
server and use the port forwarding to access systems on my local network.  

After my last yum update on April 21 where glibc-2.3.6-3 was installed (along
with a few other things), sshd port forwarding now longer works.  I now get the
error:

Forwarded connection refused by server: Administratively prohibited [open failed]


Version-Release number of selected component (if applicable):
glibc-2.3.6-3

How reproducible:
Errors out every time now.

Steps to Reproduce:
1.  yum update to get glibc-2.3.6-3 and other items
2.  try to use the port forwarding when connecting to the updated server
3.  receive error message 
  
Actual results:
Forwarded connection refused by server: Administratively prohibited [open failed]


Expected results:

I expected to be able to connect to other machines on my local network as I have
been able to until April 21.

Additional info:

I check the open-ssh project web site and found no references to this issue there.

Comment 1 Tomas Mraz 2006-04-28 15:33:32 UTC
I'm sorry but I cannot reproduce this problem here.

Which client version do you use?

Could you try to run the server with sshd -ddd and attach the debug output here?
Could you do the same on client? (ssh -vvv ....)


Comment 2 Jeff Groves 2006-04-29 23:24:19 UTC
This is actually using PuTTy version 0.58 as my client.  I've also used the
current development tip version of PuTTy with the same negative results.

I'll put together th requested -ddd and -vvv output files tomorrow when I have a
spare moment -- might be kind of hard to get the -vvv files or the equivalent
since I'm using PuTTy though.  We'll see.

Thanks,

Jeff G.

Comment 3 Jeff Groves 2006-05-02 05:29:09 UTC
Created attachment 128467 [details]
Putty ssh client logging

Comment 4 Jeff Groves 2006-05-02 05:30:25 UTC
Created attachment 128468 [details]
Log file from running -ddd parameter with sshd

Comment 5 Jeff Groves 2006-05-02 05:34:12 UTC
Upon further investigation, this issue where forwarding isn't happening is when
I specify the host using its DNS name.  If I specify an IP address, then the
forwarding works OK.

I would be the first to point a finger at my DNS configuration, but this all
worked just fine before I did the April 21 yum update.  Also, DNS name
resolution to IP address works fine on the server and the client machines with
other applicaitons.

Thanks,

Jeff G.

Comment 6 Tomas Mraz 2006-05-02 07:32:36 UTC
What prints 'host webcam2.test.org' when you run it on the server?


Comment 7 Jeff Groves 2006-05-02 09:41:45 UTC
Please note that I text replaced my domain name with "test.org" log files that I
posted after I ran the tests.  I made this change for privacy reasons.  With
that being said, I've run the test that you requested and again made the same
change afterwards:

$ host webcam2.test.org
webcam2.test.org has address 192.168.0.121


This DNS name translation to IP address is correct.

Comment 8 Tomas Mraz 2006-05-02 11:41:32 UTC
Created attachment 128478 [details]
Testcase

Can you try compiling and running this testcase as './testgai webcam2.test.org
80'?

Comment 9 Éric Brunet 2006-05-02 17:45:59 UTC
I don't think it is a problem of sshd, but of the glibc.
I have similar problems with other programs when using glibc-2.3.6-3 on my i386 fc4:

scp -P 22 somehost:x .     fails with a "System error"
scp       somehost:x .     succeeds
scp -P 22 someip:x .       succeeds
(somehost is the full qualified host name, someip is number.number.number.number)
(note that ssh works in all configuration)

ncftp somehost             fails with a "segmentation fault"
ncftp someip               succeeds

yum list (or update, etc)  fails with "Cannot find a valid baseurl for repo..."
                           obviously, it could not fetch the mirror list.

nxclient    (from NoMachine) fails also with a "System error"

All of this works nicely if I downgrade glibc to 2.3.5-10.3

I don't have any named running. My resolv.conf contains three nameserver lines
and a "search localdomain" line. "host somehost" works correctly, and
"./testgai webcam2.test.org 80" gives "getaddrinfo succeeded".

I am back to using glibc-2.3.5 to have a usable system. I can make some more
test, but I need to "upgrade" glibc, make the tests and downgrade it. It would
be nice if you could batch the tests you ask me to do...

Comment 10 Tomas Mraz 2006-05-02 17:58:02 UTC
-> glibc

Comment 11 Jeff Groves 2006-05-02 18:32:28 UTC
Results of testcase execution below:

  $ ./testgai webcam2.test.org 80
  getaddrinfo succeeded


Thanks,

Jeff G.

Comment 12 Jakub Jelinek 2006-05-03 12:32:22 UTC
Just remove nisplus from your nsswitch.conf.

*** This bug has been marked as a duplicate of 186592 ***

Comment 13 Jeff Groves 2006-05-03 23:17:42 UTC
I can confirm that removing the nisplus entries from my /etc/nsswitch.conf file
is a valid work-around to resolve this issue.

Thanks,

Jeff g.


Note You need to log in before you can comment on or make changes to this bug.