Date:      27 Aug 2002 10:02:34 -0500
From:      Kirk Strauser <kirk@strauser.com>
To:        freebsd-questions@freebsd.org
Subject:   Weird SSH and Leafnode interaction, or is it FreeBSD?
Message-ID:  <87r8gkibud.fsf@pooh.int>

I'm using Leafnode on a 4.6-STABLE system to fetch news from a few
newsservers, one of which I can only reach by setting up an SSH forwarding
via a remote computer.  I have the following SSH host set up in
~news/.ssh/config to make the ssh command line simpler:

Host somenewshost
    Hostname remote.work.station
    User myusername
    Compression yes
    Protocol 1
    LocalForward 1119 remote.news.server:119

Then, I can establish the forwarding tunnel by typing:

    news@news:~$ ssh -f news-isp2k sleep 20 > /dev/null
    news@news:~$ telnet localhost 1119
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    200 Powered by Twister -- http://www.bcandid.com/ (Twister v1.2.0)
    quit
    205 GoodBye
    Connection closed by foreign host.

This works perfectly from the command line, but I can't make it work from
within Leafnode.  For testing, I sometimes run `fetchnews' as root, in which
case I use this Leafnode config line:

 preconnect = su news -c "ssh -f somenewshost sleep 20 > /dev/null"

...and sometimes I run it as news, and I use:

 preconnect = ssh -f somenewshost sleep 20 > /dev/null

This works pretty well... if and only if I run `fetchnews' as root:

    root@news:~# fetchnews 
    root@news:~# 

However I always get an error if I run `fetchnews' as news:

    news@news:~$ fetchnews
    setreuid: Operation not permitted
    setregid: Operation not permitted
    news@news:~$ 

For whatever reason, Leafnode can only establish the SSH tunnel if I launch
it as root.  I don't really want to put fetchnews in root's crontab, but I
can't seem to make it work when running as news.  Any thoughts?
-- 
Kirk Strauser
