Bug 2812

Summary: Stream Local forwarding not working for root user
Product: Portable OpenSSH
Reporter: Hussein Galal <hussein.galal.ahmed.11>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: major
CC: djm, hussein.galal.ahmed.11, jjelen
Priority: P3
Version: 7.4p1
Hardware: All
OS: Linux

Description Hussein Galal 2017-12-14 05:46:35 AEDT
Operating System: 
# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core)


Opening an ssh tunnel to a socket on a RHEL/CentOS machine with the root user doesn't work and results in the following error when trying to use the locally created socket:

# ssh -nNT -L $(pwd)/docker.sock:/var/run/docker.sock root@35.184.111.96
channel 1: open failed: administratively prohibited: open failed
channel 1: open failed: administratively prohibited: open failed


Normal users work correctly and don't cause this error.

# rpm -qa | grep openssh-server
openssh-server-7.4p1-13.el7_4.x86_64

Comment 1 Damien Miller 2018-06-01 14:10:30 AEST
There's nothing in ssh/sshd that disables unix domain socket forwarding for root. Could you please attach a debug log from the server of the failure? (sshd -ddd)

Comment 2 Jakub Jelen 2018-06-01 17:43:44 AEST
AFAIK, this is fixed in master, but not yet in RHEL7:

https://github.com/openssh/openssh-portable/commit/5104586

Comment 3 Damien Miller 2021-03-04 09:52:52 AEDT
close bugs that were resolved in OpenSSH 8.5 release cycle