Phil Groce

SSH: "open failed: administratively prohibited"

Apparently, you can get this error for a number of reasons . The obvious one is that you don’t have AllowTCPForwarding set in your sshd_config. A less obvious but probably more common one—which bit me earlier today, which is why I write this—is that you’ve misspelled a host name. To wit, this:


ssh example.com -L8000:locahost:80

…is not the same as:


ssh example.com -L8000:localhost:80

(Discussing this with my colleagues prompted a joke about living “La Vida Local.” Finally, a Ricky Martin song for shut-ins.)

PyBlosxom Recent Posts Plugin

I’ve been using PyBlosxom to run this blog and, increasingly, the static content of the site.

PyBlosxom tries to do as little as possible in the core, saving most features for its plugin framework. Nice technically, but leaving features up to “the community” to implement sometimes leaves some frustrating holes, as I discovered when I searched in vain for a plugin to implement “recent posts” functionality.

The upside is that it was really easy to implement—about 100 lines of Python. It’s available from the software page if you want to run it yourself; if you have any questions about it, feel free to contact me. about it.

Update: I posted about my plugin to pyblosxom-devel and they added it to the plugins list. w00t, as the kids say. If you’re coming here looking for more information on the plugin, I suggest you read the docstring comments of the plugin itself.

Update your Flash Plugins!

Flash is a dangerous little piece of software. It’s ubiquitous enough that an attacker can get quite a return from exploiting it, but (like most other browser plugins, sadly) it’s not always on people’s radar to keep updated.

As if that wasn’t bad enough, Will Dormann from CERT points out that even when you think to do it, keeping Flash updated can be tricky:

It is important to realize that a system may contain several instances of the Adobe Flash Player. The Adobe Flash Player plug-in installer for Windows will install only the Netscape-style plug-in for Flash, which is used by Mozilla Firefox, Opera, and other browsers that support plug-ins. The Adobe Flash Player ActiveX installer for Windows will install only the ActiveX version of Flash, which is used by Internet Explorer and other programs that use Internet Explorer components.

Firefox’s plugin flexibility further complicates matters:

Another cause for confusion is that Firefox allows plug-ins to be installed either system-wide or in a specific user’s profile. As a result, a Flash plug-in that was installed in one manner may not be updated properly if the new version of Flash is installed in a different manner. Other browsers may have similar issues.

Will concludes by advocating that you, ”[a]t the very least, make sure that you have attempted to upgrade to the latest version of Adobe Flash.” And while you’re at it, Lord Cardigan, could you just ride your horses through that valley over there ?

At any rate, make the effort, like the man said. Flash is a dangerous little piece of software.