Bug 495

Summary: local port forwards start before authentication is complete (password auth)
Product: Portable OpenSSH Reporter: Robert Haig <rhaig>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED WORKSFORME    
Severity: security    
Priority: P2    
Version: -current   
Hardware: ix86   
OS: Linux   

Description Robert Haig 2003-02-18 08:00:44 AEDT 
when doing a local port forward (ssh www.foo.com -L8080:localhost:80) the
forward becomes active before the authentication is complete.

repeat by running the above command to your server that is running ssh and a web
server, before entering the password (but after the password prompt appears),
open the local end of the port forward, and observe it's operability (if it's a
web server, "GET /").  This is without any keys in place or the password being
entered.
Comment 1 Damien Miller 2003-02-18 10:37:16 AEDT 
I can't replicate this with 3.5p1. Please attach a debug trace from the server
(run as "sshd -d -d -d") accepting a forward connection prior to password
authentication.
Comment 2 Robert Haig 2003-02-19 03:59:27 AEDT 
now I can't reproduce.

I guess I also discovered cold fusion.  :)

If I can reproduce at a later time, I'll be sure to take the debug trace requested.

wow.  I feel like a user.  ick.
Comment 3 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED