access to cups impossible with SSH tunnels #3912

Closed
michaelrsweet opened this Issue Aug 3, 2011 · 2 comments

Comments

Projects
None yet
1 participant
Collaborator

michaelrsweet commented Aug 3, 2011

Version: 1.4.3
CUPS.org User: Uqbar

For technical reason I need to print from local CUPS to a remote CUPS printer.
The access is done through an SSH tunnel.
The remote CUPS says:
Request from "localhost" using invalid Host: field "172.16.1.1"

where 172.16.1.1 is a local dummy interface used by SSH to forward traffic to the remote CUPS.
For the sake of completeness, the tunnel is opened from the remote CUPS machine to the local one with a commmand like this:

ssh -C -N -T -R 172.16.1.1:631:127.0.0.1:631 -L 8080:127.0.0.1:631 root@localmachine

I think this very bug is related to this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027

Collaborator

michaelrsweet commented Aug 4, 2011

CUPS.org User: mike

This configuration is not supported and supporting it would involve opening up cupsd to local browser-based attacks, which we went to great effort to block.

Not to be fixed.

Collaborator

michaelrsweet commented Sep 21, 2011

CUPS.org User: brunoc68

It is problematic : I use freenx via a ssh-tunnel through a gateway, and I am not able to print locally. I suspect it is because of this issue, because the cups connection doesn't work "manually" ("...using invalid Host:...").
I found a workaround which is to make 2 ssh tunnels instead of one, so that on both ends there is "localhost:631".
This is very complicated in the end : is there really no way to disable this security feature ? The directive "ServerAlias *" doesn't help at all in my case.

michaelrsweet added this to the Stable milestone Mar 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment