[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] New Qube2 Security Patch: Vacation Mail Exploit 3.0.1
- Subject: Re: [cobalt-security] New Qube2 Security Patch: Vacation Mail Exploit 3.0.1
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Mon, 23 Oct 2000 21:52:11 -0500
- Organization: anonymous
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sun, 22 Oct 2000 00:28:40 -0700, "James Hoaggs" <james_hoaggs@xxxxxxxxxx>
wrote:
[snip]
:>BTW, has anyone installed the OpenSSH Server Release 2.1.1p2 and 2.1.1p1
:>packages from http://pkg.nl.cobalt.com/ ?
:>There are 2 packages instructed for install for the Qubes and Raqs, Server(p2)
:>and Client(p1), though SSH Server works if you just install the Server(p2)
:>package. What is the reason to install the client package on the Server
:>described as "Optionally you can extend this software with the available
:>client pkg"? Does it mean that you can telnet in and then use a SSH client
:>on the Server to SSH to another machine?
:>Thanks for the clarification,
I just uninstalled ssh-1.2.27 (executed . /var/lib/cobalt/SSH1227 uninstaller)
and then installed the server package. I did not install the client package
because it is unlikely that I will need to ssh out of the server to somewhere
else.
Everything seems to work as before with ssh1. I can port forward my browser
via localhost:8081 to 81. I can set up a ssh2 connection. However, when I try
to set up a browser port forward as before, I get a message fro SecureCRT that
says, "Could not start port forwarding from local service 8081 to ip.81. The
action requested is administratively prohibited.
I am using SecureCRT on a Win2KPro system. For the life of me, I cannot find
where in administrative policies that such a session is prohibited. It is
particularity confusing since it only happens with ssh2, but not with ssh1.
Can anyone shed any light as to how to fix this?
Thanks, Mike.