http://bugzilla.opensuse.org/show_bug.cgi?id=1051559 Bug ID: 1051559 Summary: openssh 7.2p2-13.1: unix domain socket forwarding broken for root user Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: x86-64 OS: openSUSE 42.3 Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: opensuse@boris-walter.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- When using the local port forwarding option with ssh involving unix domain sockets as root, e.g. # ssh -L/path/to/socket:/path/to/anothersocket root@host shell reports:

channel [0-9]+: open failed: administratively prohibited: open failed

journalctl -f gives more information:

sshd[]: refused streamlocal port forward: originator port 0, target /path/to/anothersocket

Google lead to the file 'serverloop.c' of openssh, and a debian bug report (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858252) claiming the issue was already resolved upstream. The issue wasn't present in vanilla openssh 7.2p2, but the patch file openssh-7.2p2-secure_unix_sockets_forwarding.patch found in the archive http://download.opensuse.org/repositories/openSUSE:/Leap:/42.3/standard/src/... seems to have introduced it. Please backport the upstream fix for this. -- You are receiving this mail because: You are on the CC list for the bug.