Bug#527969: marked as done (openssh-server: The ssh -D SOCKS proxy does not cope with some odd DNS responses)
Your message dated Mon, 11 May 2009 13:56:31 -0700
with message-id <20090511205117.GA31405@tapdance>
and subject line Re: Bug#527969: Acknowledgement (openssh-server: The ssh -D SOCKS proxy does not cope with some odd DNS responses)
has caused the Debian Bug report #527969,
regarding openssh-server: The ssh -D SOCKS proxy does not cope with some odd DNS responses
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
527969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527969
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:5.1p1-5+b1
Severity: normal
Hi,
There seems to be a problem in the ssh -D SOCKS proxy which is triggered by some
eccentricity in login.facebook.com's DNS entry.
Below are three illustrations of how that DNS entry is behaving, taken from
different places on the net. In each case a DNS query gives one valid A
record response before triggering an error condition. I don't know what it is
about facebook's DNS servers that is causing this.
A regular web browser will cope with the error condition and connect to the IP
address in question. A web browser talking SOCKS over ssh -D will fail to
connect to the IP address.
host login.facebook.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:
--------------------
login.facebook.com has address 69.63.180.173
;; connection timed out; no servers could be reached
host login.facebook.com 192.168.1.1
Using domain server:
Name: 192.168.1.1
Address: 192.168.1.1#53
Aliases:
login.facebook.com has address 69.63.176.138
Host login.facebook.com not found: 2(SERVFAIL)
--------------------
host login.facebook.com 64.127.100.11
Using domain server:
Name: 64.127.100.11
Address: 64.127.100.11#53
Aliases:
login.facebook.com has address 69.63.180.174
;; connection timed out; no servers could be reached
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.28-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii add 3.110 add and remove users and groups
ii deb 1.5.19 Debian configuration management sy
ii dpk 1.14.26 Debian package management system
ii lib 2.9-4 GNU C Library: Shared libraries
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii lib 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries - k
ii lib 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries - C
ii lib 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries
ii lib 0.79-5 Pluggable Authentication Modules f
ii lib 0.79-5 Runtime support for the PAM librar
ii lib 0.99.7.1-5 Pluggable Authentication Modules l
ii lib 2.0.59-1 SELinux shared libraries
ii lib 0.9.8g-16 SSL shared libraries
ii lib 7.6.dbs-13 Wietse Venema's TCP wrappers libra
ii lsb 3.2-22 Linux Standard Base 3.2 init scrip
ii ope 0.1.0 list of blacklisted OpenSSH RSA an
ii ope 1:5.1p1-5+b1 secure shell client, an rlogin/rsh
ii pro 1:3.2.7-3 /proc file system utilities
ii zli 1:1.2.3.3.dfsg-13 compression library - runtime
Versions of packages openssh-server recommends:
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.2-2 X authentication utility
-- debconf-show failed
--
Peter Eckersley pde@eff.org
Staff Technologist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
--- End Message ---
--- Begin Message ---
- To: 527969-done@bugs.debian.org
- Subject: Re: Bug#527969: Acknowledgement (openssh-server: The ssh -D SOCKS proxy does not cope with some odd DNS responses)
- From: Peter Eckersley <pde@eff.org>
- Date: Mon, 11 May 2009 13:56:31 -0700
- Message-id: <20090511205117.GA31405@tapdance>
- In-reply-to: <handler.527969.B.124190056423668.ack@bugs.debian.org>
- References: <[🔎] 20090509202236.GA19669@tapdance> <handler.527969.B.124190056423668.ack@bugs.debian.org>
Upon further examination, the server on which I was seeing this problem was
running an older ssh daemon. I can't reproduce it with the latest
openssh-server.
On Sat, May 09, 2009 at 08:27:03PM +0000, Debian Bug Tracking System wrote:
>
> Thank you for filing a new Bug report with Debian.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
> Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
>
> If you wish to submit further information on this problem, please
> send it to 527969@bugs.debian.org, as before.
>
> Please do not send mail to owner@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
>
> --
> 527969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527969
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems
--
Peter Eckersley pde@eff.org
Staff Technologist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
--- End Message ---
Reply to: