bugzilla-daemon at mindrot.org
2003-Feb-17 21:00 UTC
[Bug 495] New: local port forwards start before authentication is complete (password auth)
http://bugzilla.mindrot.org/show_bug.cgi?id=495 Summary: local port forwards start before authentication is complete (password auth) Product: Portable OpenSSH Version: 3.5p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: rhaig at hackboy.com when doing a local port forward (ssh www.foo.com -L8080:localhost:80) the forward becomes active before the authentication is complete. repeat by running the above command to your server that is running ssh and a web server, before entering the password (but after the password prompt appears), open the local end of the port forward, and observe it's operability (if it's a web server, "GET /"). This is without any keys in place or the password being entered. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 495] local port forwards start before authentication is complete (password auth)
- [Bug 457] New: SSHD doesn't start when using invalid port numbers
- Using -W with -L (Local Forwarding) and -D (Socks Forwarding)
- [Bug 1267] PermitOpen - Multiple forwards don't works
- [Bug 530] problems with port forwarding