Debian Bug report logs - #153154
ssh: X11 display forwarding is broken when ipV6 is enabled

Package: ssh; Maintainer for ssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for ssh is src:openssh (PTS, buildd, popcon).

Reported by: Heanet Admin Role Account <heanet@keyhole.heanet.ie>

Date: Tue, 16 Jul 2002 12:18:19 UTC

Severity: important

Tags: patch

Merged with 152545

Found in versions 3.4p1-1, 1:3.6.1p1-1, 1:3.4p1-2

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugzilla.mindrot.org/show_bug.cgi?id=164

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#153154; Package ssh. (full text, mbox, link).

Acknowledgement sent to Heanet Admin Role Account <heanet@keyhole.heanet.ie>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: ssh
Version: 1:3.4p1-2
Severity: important

when you ssh into a v6 enabled host, whose sshd is listening in both v4 and v6 
ports. It will create ::1 6010 as the X server port but it set's DISPLAY to be
"localhost:10.0" which resolves to 127.0.0.1.

This happens even if you are connecting to the v4 socket.

Since Xlibs does not support v6 address at the minute, maybe it could always
create the X11 port on 127.0.0.1



-- System Information
Debian Release: 3.0
Kernel Version: Linux keyhole 2.4.18-0.1 #1 Mon Jul 8 10:15:52 IST 2002 i686 unknown unknown GNU/Linux

Versions of the packages ssh depends on:
ii  adduser        3.47           Add and remove users and groups
ii  debconf        1.1.17         Debian configuration management system
ii  libc6          2.2.5-10.0     GNU C Library: Shared libraries and Timezone
ii  libpam-modules 0.72-35        Pluggable Authentication Modules for PAM
ii  libpam0g       0.72-35        Pluggable Authentication Modules library
ii  libssl0.9.6    0.9.6d-1       SSL shared libraries
ii  libwrap0       7.6-9          Wietse Venema's TCP wrappers library
ii  zlib1g         1.1.4-1        compression library - runtime

--- Begin /etc/ssh/ssh_config (modified conffile)
 Host *
   ForwardAgent no
   ForwardX11 no
   RhostsAuthentication no
   RhostsRSAAuthentication no
   RSAAuthentication yes
   PasswordAuthentication yes
   BatchMode no
   CheckHostIP yes
   StrictHostKeyChecking ask
   IdentityFile ~/.ssh/identity
   IdentityFile ~/.ssh/id_rsa
   IdentityFile ~/.ssh/id_dsa
   Port 22
   Protocol 2
   Cipher 3des
   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
   EscapeChar ~

--- End /etc/ssh/ssh_config

--- Begin /etc/init.d/ssh (modified conffile)
#! /bin/sh
test -x /usr/sbin/sshd || exit 0
( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
if [ -e /etc/ssh/sshd_not_to_be_run ]; then 
    echo "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
    exit 0
fi
check_config() {
	/usr/sbin/sshd -t || exit 1
}
case "$1" in
  start)
	test -f /etc/ssh/sshd_not_to_be_run && exit 0
	if [ ! -d /var/run/sshd ]; then
	    mkdir /var/run/sshd; chmod 0755 /var/run/sshd
	fi
        echo -n "Starting OpenBSD Secure Shell server: sshd"
	start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- -6
        echo "."
	;;
  stop)
        echo -n "Stopping OpenBSD Secure Shell server: sshd"
	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid
        echo "."
	;;
  reload|force-reload)
  	test -f /etc/ssh/sshd_not_to_be_run && exit 0
	check_config
        echo -n "Reloading OpenBSD Secure Shell server's configuration"
	start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
	echo "."
	;;
  restart)
  	test -f /etc/ssh/sshd_not_to_be_run && exit 0
	check_config
        echo -n "Restarting OpenBSD Secure Shell server: sshd"
	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid
	sleep 2
	start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
	echo "."
	;;
  *)
	echo "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart}"
	exit 1
esac
exit 0

--- End /etc/init.d/ssh

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#153154; Package ssh. (full text, mbox, link).

Acknowledgement sent to Jasper Spaans <jasper@spaans.ds9a.nl>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. (full text, mbox, link).

Message #10 received at 153154@bugs.debian.org (full text, mbox, reply):

A simple workaround for this problem is adding the line

X11UseLocalhost no

to your sshd_config; this causes the server not to bind to an [ipv6-]address
so your x programs can connect using any ip-address bound to you machine.
-- 
Jasper Spaans
http://jsp.ds9a.nl/contact/
Tel/Fax: +31-84-8749842
``Got no clue? Too bad for you.''

Merged 152545 153154. Request was from Marco d'Itri <md@Linux.IT> to control@bugs.debian.org. (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#153154; Package ssh. (full text, mbox, link).

Acknowledgement sent to Marco d'Itri <md@Linux.IT>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. (full text, mbox, link).

Message #17 received at 153154@bugs.debian.org (full text, mbox, reply):

tag 153154 patch
thanks

This patch fixes the bug. Please apply.

--- channels.c.orig     Sat Aug  3 13:40:52 2002
+++ channels.c  Sat Aug  3 13:51:54 2002
@@ -2351,7 +2351,7 @@
            display_number++) {
                port = 6000 + display_number;
                memset(&hints, 0, sizeof(hints));
-               hints.ai_family = IPv4or6;
+               hints.ai_family = AF_INET; /* xlib does not support IPv6 */
                hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
                hints.ai_socktype = SOCK_STREAM;
                snprintf(strport, sizeof strport, "%d", port);

-- 
ciao,
Marco

Tags added: patch Request was from Marco d'Itri <md@Linux.IT> to control@bugs.debian.org. (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#153154; Package ssh. (full text, mbox, link).

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. (full text, mbox, link).

Message #24 received at 153154@bugs.debian.org (full text, mbox, reply):

forwarded 153154 http://bugzilla.mindrot.org/show_bug.cgi?id=164
thanks

On Sat, Aug 03, 2002 at 01:52:20PM +0200, Marco d'Itri wrote:
> tag 153154 patch
> thanks
> 
> This patch fixes the bug. Please apply.
> 
> --- channels.c.orig     Sat Aug  3 13:40:52 2002
> +++ channels.c  Sat Aug  3 13:51:54 2002
> @@ -2351,7 +2351,7 @@
>             display_number++) {
>                 port = 6000 + display_number;
>                 memset(&hints, 0, sizeof(hints));
> -               hints.ai_family = IPv4or6;
> +               hints.ai_family = AF_INET; /* xlib does not support IPv6 */
>                 hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
>                 hints.ai_socktype = SOCK_STREAM;
>                 snprintf(strport, sizeof strport, "%d", port);

I've suggested this patch to upstream's Bugzilla.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Noted your statement that Bug has been forwarded to http://bugzilla.mindrot.org/show_bug.cgi?id=164. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#153154; Package ssh. (full text, mbox, link).

Acknowledgement sent to Darren Tucker <dtucker@zip.com.au>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).

Message #31 received at 153154@bugs.debian.org (full text, mbox, reply):

Hi.
	This bug is believed fixed (some time ago) and the upstream bug is now 
closed.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Heanet Admin Role Account <heanet@keyhole.heanet.ie>:
Bug acknowledged by developer. (full text, mbox, link).

Message #36 received at 153154-done@bugs.debian.org (full text, mbox, reply):

On Mon, May 10, 2004 at 04:40:16PM +1000, Darren Tucker wrote:
> 	This bug is believed fixed (some time ago) and the upstream bug is 
> 	now closed.

Yes, that's my belief too from my own systems. Closing, thanks.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Mar 25 17:06:27 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #153154 ssh: X11 display forwarding is broken when ipV6 is enabled

Debian Bug report logs - #153154
ssh: X11 display forwarding is broken when ipV6 is enabled