tunnelling does not work

Bug #67488 reported by Buz on 2006-10-22
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
putty (Ubuntu)
High
Colin Watson

Bug Description

My OS is Ubuntu Dapper... Using putty 0.58-4 installed via the synaptic package manager, I established an SSH session to another computer over the internet with a localhost tunnel using settings L5900 localhost:5900 to establish a VNC session with the remote computer. Using a windows version of putty installed in Wine on the same computer, the tunnel works perfectly.

CVE References

Buz (tylerwanner) wrote :

Error reported by VNC client when using the ssh tunnel is 'connection refused.'

sanitycheck (gcompton) wrote :

My testing also indicates tunneling in Putty is broken. This is true of 32-bit 6.06 LTS test system and 64-bit 6.10 test system. Both appear to use Putty 0.58-4 version. I also got Windows version to run on same 6.06 LTS 32-bit test system under Wine.

Tunneling is an important feature of Putty. I hope to see it put on the high-priority fix list.

Jared Sutton (jpsutton) wrote :

I can confirm that this is still a bug in Putty 0.60-1 on Gutsy. One thing that sets Putty apart is its ability to easily tunnel through proxies to connect to a destination. Using the OpenSSH client through an HTTP Proxy, for example, requires the use of corkscrew (a separate package) and special client configuration in ~/.ssh/config.

So, without the combination of Putty's ability to tunnel through a proxy, _plus_ it's ability to create tunnels to the destination server, it is of little use to me. :(

Changed in putty:
status: New → Confirmed
Peter Kieser (peter-kieser) wrote :

This bug is still present on Ubuntu 7.10 (Gutsy).

sanitycheck (gcompton) wrote :

I would like to respectfully request this bug be classified as high importance, with the hope that it will be addressed soon. The fact is that Putty is nearly useless without tunneling support, meaning the package is effectively broken. This bug, as identified here, is now well over a year old; and has probably existed since the original package was submitted. Putty is a popular and valuable application, and is well worth the effort to fix it. The package maintainer's consideration will be appreciated.

Jacob Nevins (0jacobnk-ulp) wrote :

I suspect http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/portfwd-addr-family.html is behind these reports. If so, a variety of workarounds are detailed there.

We use PuTTY SSH tunnels to connect for email. I am exploring the possibility of using Ubuntu Hardy as an enduser platform. I looked at the workaround above, Explicitly configure PuTTY to use an IPv4 listening socket (change 'Auto' to 'IPv4'). And tried that. I am still getting a Could not connect to localhost: Connection refused error. I can manually log in to the Unix server and type commands on it so the SSH is working. My local ports are 2143 and 2025 and remote are 143 and 25. If there is a logging or debug mode, I am happy to try to provide more detailed information.

Jacob Nevins (0jacobnk-ulp) wrote :

'portfwd-addr-family' is now fixed upstream (as of r8150). It would probably be easy to backport the fix to 0.60, if that's desired.

@Stephen Northcutt: PuTTY's Event Log would probably be useful. If you're using the GUI, Ctrl+right-click brings up a menu with it on (and you can copy entries by selecting them); if you're using plink, add the "-v" option.

Colin Watson (cjwatson) on 2008-10-24
Changed in putty:
assignee: nobody → kamion
importance: Undecided → High
status: Confirmed → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package putty - 0.60-4

---------------
putty (0.60-4) unstable; urgency=low

  * Build-depend on x11proto-core-dev rather than x-dev (thanks, Lintian).
  * Backport from upstream (r8150, Jacob Nevins; closes: #503186,
    LP: #67488):
    - Fix for portfwd-addr-family: on Unix, when a tunnel is specified as
      "Auto" (rather than IPv4 or IPv6-only; this is the default), try to
      open up listening sockets on both address families, rather than
      (unhelpfully) just IPv6. (And don't open one if the other can't be
      bound, in a nod to CVE-2008-1483.) Based on a patch from Ben A L
      Jemmett.
  * Avoid problems with the -D_FORTIFY_SOURCE=2 default on Ubuntu by
    explicitly ignoring results from a number of calls to read, write, and
    fwrite. (This is pretty ham-handed and I've asked upstream whether they
    have any better ideas for any of these.)

 -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 18 Nov 2008 10:35:35 +0000

Changed in putty:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers