[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#527969: marked as done (openssh-server: The ssh -D SOCKS proxy does not cope with some odd DNS responses)

Your message dated Mon, 11 May 2009 13:56:31 -0700
with message-id <20090511205117.GA31405@tapdance>
and subject line Re: Bug#527969: Acknowledgement (openssh-server: The ssh -D SOCKS proxy does not cope with some odd DNS responses)
has caused the Debian Bug report #527969,
regarding openssh-server: The ssh -D SOCKS proxy does not cope with some odd DNS responses
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
527969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527969
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-server
Version: 1:5.1p1-5+b1
Severity: normal

Hi, 

There seems to be a problem in the ssh -D SOCKS proxy which is triggered by some
eccentricity in login.facebook.com's DNS entry.

Below are three illustrations of how that DNS entry is behaving, taken from
different places on the net.  In each case a DNS query gives one valid A
record response before triggering an error condition.  I don't know what it is
about facebook's DNS servers that is causing this.

A regular web browser will cope with the error condition and connect to the IP
address in question.  A web browser talking SOCKS over ssh -D will fail to
connect to the IP address.

host login.facebook.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases: 
--------------------

login.facebook.com has address 69.63.180.173
;; connection timed out; no servers could be reached

host login.facebook.com 192.168.1.1
Using domain server:
Name: 192.168.1.1
Address: 192.168.1.1#53
Aliases: 

login.facebook.com has address 69.63.176.138
Host login.facebook.com not found: 2(SERVFAIL)

--------------------
host login.facebook.com 64.127.100.11
Using domain server:
Name: 64.127.100.11
Address: 64.127.100.11#53
Aliases: 

login.facebook.com has address 69.63.180.174
;; connection timed out; no servers could be reached



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.28-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  add 3.110                                add and remove users and groups
ii  deb 1.5.19                               Debian configuration management sy
ii  dpk 1.14.26                              Debian package management system
ii  lib 2.9-4                                GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.6.dfsg.4~beta1-13                  MIT Kerberos runtime libraries - k
ii  lib 1.6.dfsg.4~beta1-13                  MIT Kerberos runtime libraries - C
ii  lib 1.6.dfsg.4~beta1-13                  MIT Kerberos runtime libraries
ii  lib 0.79-5                               Pluggable Authentication Modules f
ii  lib 0.79-5                               Runtime support for the PAM librar
ii  lib 0.99.7.1-5                           Pluggable Authentication Modules l
ii  lib 2.0.59-1                             SELinux shared libraries
ii  lib 0.9.8g-16                            SSL shared libraries
ii  lib 7.6.dbs-13                           Wietse Venema's TCP wrappers libra
ii  lsb 3.2-22                               Linux Standard Base 3.2 init scrip
ii  ope 0.1.0                                list of blacklisted OpenSSH RSA an
ii  ope 1:5.1p1-5+b1                         secure shell client, an rlogin/rsh
ii  pro 1:3.2.7-3                            /proc file system utilities
ii  zli 1:1.2.3.3.dfsg-13                    compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.2-2  X authentication utility

-- debconf-show failed

-- 
Peter Eckersley                            pde@eff.org
Staff Technologist                Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

--- End Message ---
--- Begin Message --- 
Upon further examination, the server on which I was seeing this problem was
running an older ssh daemon.  I can't reproduce it with the latest
openssh-server.

On Sat, May 09, 2009 at 08:27:03PM +0000, Debian Bug Tracking System wrote:
> 
> Thank you for filing a new Bug report with Debian.
> 
> This is an automatically generated reply to let you know your message
> has been received.
> 
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
> 
> Your message has been sent to the package maintainer(s):
>  Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
> 
> If you wish to submit further information on this problem, please
> send it to 527969@bugs.debian.org, as before.
> 
> Please do not send mail to owner@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
> 
> 
> -- 
> 527969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527969
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems

-- 
Peter Eckersley                            pde@eff.org
Staff Technologist                Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

--- End Message ---
Reply to: