openssh bugs - Dec 2017 - [Bug 2812] New: Stream Local forwarding not working for root user

https://bugzilla.mindrot.org/show_bug.cgi?id=2812

            Bug ID: 2812
           Summary: Stream Local forwarding not working for root user
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: hussein.galal.ahmed.11 at gmail.com

Operating System: 
# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core)


opening ssh tunnel to a socket on RHEL/Centos machine with root user
doesn't work and result in the following error when trying to use the
locally created socket:

# ssh -nNT -L $(pwd)/docker.sock:/var/run/docker.sock
root at 35.184.111.96
channel 1: open failed: administratively prohibited: open failed
channel 1: open failed: administratively prohibited: open failed


Normal users works correctly, and doesn't cause this error.

# rpm -qa | grep openssh-server
openssh-server-7.4p1-13.el7_4.x86_64

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2812

Hussein Galal <hussein.galal.ahmed.11 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|enhancement                 |major
                 CC|                            |hussein.galal.ahmed.11 at gmai
                   |                            |l.com
           Hardware|Other                       |All
           Priority|P5                          |P3

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2812

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
There's nothing in ssh/sshd that disables unix domain socket forwarding
for root. Could you please attach a debug log from the server of the
failure? (sshd -ddd)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2812

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
AFAIK, this is fixed in master, but not yet in RHEL7:

https://github.com/openssh/openssh-portable/commit/5104586

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2812

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.