Bug 2812 - Stream Local forwarding not working for root user
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.4p1
Hardware: All Linux
Importance: P3 major
Assignee: Assigned to nobody
Reported: 2017-12-14 05:46 AEDT by Hussein Galal
Modified: 2021-03-04 09:52 AEDT

Description Hussein Galal 2017-12-14 05:46:35 AEDT
Operating System: 
# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core)


Opening an ssh tunnel to a socket on a RHEL/CentOS machine with the root user doesn't work and results in the following error when trying to use the locally created socket:

# ssh -nNT -L $(pwd)/docker.sock:/var/run/docker.sock root@35.184.111.96
channel 1: open failed: administratively prohibited: open failed
channel 1: open failed: administratively prohibited: open failed


Normal users work correctly and don't cause this error.

# rpm -qa | grep openssh-server
openssh-server-7.4p1-13.el7_4.x86_64
Comment 1 Damien Miller 2018-06-01 14:10:30 AEST
There's nothing in ssh/sshd that disables unix domain socket forwarding for root. Could you please attach a debug log from the server of the failure? (sshd -ddd)
Comment 2 Jakub Jelen 2018-06-01 17:43:44 AEST
AFAIK, this is fixed in master, but not yet in RHEL7:

https://github.com/openssh/openssh-portable/commit/5104586
Comment 3 Damien Miller 2021-03-04 09:52:52 AEDT
close bugs that were resolved in OpenSSH 8.5 release cycle