Re: 5.2p1 no longer sets DISPLAY

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Parsons, Rick wrote:
Hi, I have Solaris 8+ systems with a working OpenSSH 3.9p1 build which
work perfectly. We set X11Forwarding to yes in the config and get
DISPLAY=localhost:10.0 allowing X tunnelling back.

I have just recently built OpenSSH 5.2p1 and installed sshd on some
machines and now the DISPLAY env variable is not set at all. As far as I
can tell, nothing else has changed (account dot files are the same,
client ssh is still 3.9p1 and sshd_config is the same). The only way I
can get DISPLAY to work is to set X11UseLocalhost to no in sshd_config
and then it gets <hostname>:10.0 and works just fine.

I have tried forcing X11DisplayOffset and XAuthLocation (and checked
that it was right). I have tried ssh -X (though that is the default) and
ssh -Y and none of these make any difference. The messages from -vv show
the two calls to xauth followed by "Requesting X11 forwarding with
authentication spoofing" and "channel 0: request x11-req confirm 0" just
the same as the working version.

I can only presume that I have done something wrong with the build but
can't see what. Any ideas please?

Try adding "AddressFamily inet" to sshd_config and restarting.

If that works: what's happening is that the OS is asked for a list of addresses for localhost and is returning a list that includes the inet6 address, however attempting to bind to it fails. Previously sshd would ignore this failure, but that allows third parties to bind to inet6 ports in the X11 forwarding range and potentially hijack X connections. For more detail see the 5.1 release notes (http://www.openssh.com/txt/release-5.1).


--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Hikes]     [KDE Users]     [Gnome Users]

  Powered by Linux