Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > SecureCRT on the Mac

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 05-09-2012, 11:27 AM
atomik atomik is offline
Registered User
 
Join Date: May 2012
Posts: 1
7.0.0 beta (build 281) bug: TFTP cannot bind to port 69

Hi all,

I'm trying SecureCRT for Mac 7.0.0 build 281 and noticed that the new TFTP server won't work.

If enabled, every time I start an ssh connection it say me:

"The TFTP server could not bind to port 69 for the following reason: Permission denied"


Seems there is something wrong with permission when it call the bind() function with a low port like this.
Reply With Quote
  #2  
Old 05-09-2012, 11:40 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,021
Hello atomik,

The port 69 binding issue is something that you will need to resolve on your machine. Mac OS X restricts access to all ports below 1025. I am not sure what steps you will need to take to enable your account to access that port.

Additionally, it is UDP port 69 rather than TCP port 69, so there may be other hurdles you have to clear to get this working.

I suspect that somehow you are going to have to give your account root level access or login as root.

Does this help you find a solution to the OS restriction?

I have added this thread to a feature request in our product enhancement database for a mechanism to elevate the user's credentials when the TFTP server is being used. Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct e-mail notification, contact support@vandyke.com and include "Feature Request - Forum Thread #10456" in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 07-01-2012, 05:46 PM
toloughlin's Avatar
toloughlin toloughlin is offline
Senior Member
 
Join Date: Feb 2004
Location: Nashua, NH
Posts: 377
First off, I'm a fan of you guys, as my join date + most non-Vandyke employee posts show, however ... this feature should be pulled from the Mac version because of how out-of-the-flow, using it actually is.

First off, fire up "terminal" (which SecureCRT is most likely replacing).

Then,
#sudo /Applications/SecureCRT.app/Contents/MacOS/SecureCRT
<enter password>

Now, it'll spawn the app with 'root' perms ... as root is disabled by default.

With the sudo method, comes an empty "Config" folder (/var/private/...), so your sessions, button bars, key maps, color schemes & whatnot, are unavailable.

With your new session configured & TFTP checked-off, connect to the new session. At that point, you can netstat -ln | grep 69 and see the listener.

MBP:~ Tom$ netstat -ln | grep 69
udp4 0 0 *.69 *.*

Support -- if there's an easier way, please let me know, else this option will stay off & I'll keep with my free TFTP server app.
__________________
----------------------------------------------
Tom O'Loughlin
Reply With Quote
  #4  
Old 07-02-2012, 12:30 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,021
Hi Tom,

Quote:
First off, I'm a fan of you guys, as my join date + most non-Vandyke employee posts show,
Known, and appreciated.

I have added this thread to a feature request in our product enhancement database to automatically elevate the user to root using credentials from the Mac Keychain (when running the TFTP server on Mac/Linux platforms). Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct e-mail notification, contact support@vandyke.com and include "Feature Request - Forum Thread #10456" in the subject line.


Quote:
Support -- if there's an easier way, please let me know, else this option will stay off & I'll keep with my free TFTP server app.
Do you know the mechanism the free TFTP server app uses to perform elevation?
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #5  
Old 11-02-2013, 03:36 PM
wilddev wilddev is offline
Registered User
 
Join Date: Jul 2012
Posts: 3
News?

Any news on when this feature is going to be fixed? It's been over a year and we're now on the beta of 7.2 and it still doesn't work properly.

Thanks
Reply With Quote
  #6  
Old 11-02-2013, 04:12 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,021
Hello wilddev,

The title of the thread is a bit misleading as this is a feature request not a bug.

Mac OS X restricts access to all ports below 1025 so the current implementation of the TFTP server on the Mac operating system may require the user to elevate privileges to root in order for the TFTP server to listen on UDP port 69.

Feature requests are typically prioritized based on a number of factors including, but not limited to, the number of requests and the amount of implementation work required. Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct e-mail notification, contact support@vandyke.com and include "Feature Request - Forum Thread #10456" in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #7  
Old 11-05-2013, 09:32 PM
wilddev wilddev is offline
Registered User
 
Join Date: Jul 2012
Posts: 3
It's not true this is a feature request. The feature, TFTP support is already present in the product. It just doesn't work properly unless you run as root which no one does in OS X. This is a _bug_ pure and simple.

It is disingenuous for Van Dyke to claim this is a valid feature of the existing Mac OS X client when it doesn't work for normal user operation. As the original poster said, it should be either removed as a feature until it's made to work right, or preferably fixed so it works properly.

I'm not a programmer, so I have no idea how it should work, but there are literally dozens of programs on my Mac that know how to elevate privileges enough to use a reserved port. Hell I can even run the OS X server on my system which has www, ftp, dns, dhcp and others that use low ports without issue. And I _don't_ have to login as root to run them either.

Come on, this is an open bug with the program for a very long time. Claiming it's a feature enhancement is really just passing the buck.
Reply With Quote
  #8  
Old 11-06-2013, 12:08 PM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,534
wilddev,

You are correct that many programs on the Mac are able to access low ports without requiring the user to elevate privileges. This is because the Mac allows daemons (launchd) to access privileged ports without being privileged. SecureCRT cannot do this because it's not a daemon.

When we looked into this issue a while back, we thought addressing it would require a fairly large development effort. We have a couple of new ideas that might not require such a large development effort. We will be exploring these ideas soon. I will post more information here as soon as we know more.

Maureen
Reply With Quote
  #9  
Old 11-06-2013, 07:56 PM
wilddev wilddev is offline
Registered User
 
Join Date: Jul 2012
Posts: 3
Thank you a reasoned and reasonable answer. I appreciate it. I will await to hear more news about this from you.
Reply With Quote
  #10  
Old 09-03-2014, 07:08 PM
devrick0 devrick0 is offline
Registered User
 
Join Date: Apr 2005
Posts: 10
Has any progress been made on resolving this? We are a Mac shop with a heavy focus on networks. A proper solution/fix would save a lot of work around headaches.
Reply With Quote
  #11  
Old 09-04-2014, 02:45 PM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,534
We implemented something, but the feedback from testers was that it wasn't they were expecting, so we're planning to go back to the drawing board and see if we can implement a different solution.

Maureen
Reply With Quote
  #12  
Old 09-04-2014, 07:47 PM
devrick0 devrick0 is offline
Registered User
 
Join Date: Apr 2005
Posts: 10
If you need a tester, feedback, etc., let me know. I have a team willing to devote time and provide feedback. We would love to have this solution built into SecureCRT versus some of the work arounds we are performing today.
Reply With Quote
  #13  
Old 09-05-2014, 10:40 AM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,534
Quote:
Originally Posted by devrick0 View Post
If you need a tester, feedback, etc., let me know. I have a team willing to devote time and provide feedback. We would love to have this solution built into SecureCRT versus some of the work arounds we are performing today.
Thanks for the offer. Please send an email to me at Maureen.Jett@vandyke.com so that I can contact you directly.

Maureen
Reply With Quote
  #14  
Old 11-19-2014, 12:05 PM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,534
We have a pre-beta version of SecureCRT for Mac OS X that has a TFTP helper app that automatically prompts for credentials so that it's possible to bind to port 69. If you'd like to try it, please send email to me at Maureen.Jett@vandyke.com.

Maureen
Reply With Quote
  #15  
Old 04-08-2015, 06:35 PM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,534
The ability to start and stop the TFTP server manually as well as options for starting the TFTP server at the global level (instead of at the session level) have been added to a pre-beta version of SecureCRT. If you would be interested in trying it, please send email to me at Maureen.Jett@vandyke.com.

Maureen
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 03:45 AM.