From: Kirk Strauser
To: freebsd-questions@freebsd.org
Subject: Weird SSH and Leafnode interaction, or is it FreeBSD?
Date: 27 Aug 2002 10:02:34 -0500
Message-ID: <87r8gkibud.fsf@pooh.int>

I'm using Leafnode on a 4.6-STABLE system to fetch news from a few news servers, one of which I can only reach by setting up an SSH forwarding via a remote computer. I have the following SSH host set up in ~news/.ssh/config to make the ssh command line simpler:

    Host somenewshost
        Hostname remote.work.station
        User myusername
        Compression yes
        Protocol 1
        LocalForward 1119 remote.news.server:119

Then, I can establish the forwarding tunnel by typing:

    news@news:~$ ssh -f news-isp2k sleep 20 > /dev/null
    news@news:~$ telnet localhost 1119
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    200 Powered by Twister -- http://www.bcandid.com/ (Twister v1.2.0)
    quit
    205 GoodBye
    Connection closed by foreign host.

This works perfectly from the command line, but I can't make it work from within Leafnode. For testing, I sometimes run `fetchnews' as root, in which case I use this Leafnode config line:

    preconnect = su news -c "ssh -f somenewshost sleep 20 > /dev/null"

...and sometimes I run it as news, and I use:

    preconnect = ssh -f somenewshost sleep 20 > /dev/null

This works pretty well... if and only if I run `fetchnews' as root:

    root@news:~# fetchnews
    root@news:~#

However, I always get an error if I run `fetchnews' as news:

    news@news:~$ fetchnews
    setreuid: Operation not permitted
    setregid: Operation not permitted
    news@news:~$

For whatever reason, Leafnode can only establish the SSH tunnel if I launch it as root. I don't really want to put fetchnews in root's crontab, but I can't seem to make it work when running as news. Any thoughts?

--
Kirk Strauser