Debian Bug report logs - #237021
X11-forwarding not working

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Kenneth Johansson <ken@switchboard.ericsson.se>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: X11-forwarding not working

Date: Tue, 09 Mar 2004 12:31:41 +0100

Package: ssh
Version: 1:3.8p1-1
Severity: important
Tags: sid

After uppgrading X11-forwarding stoped working when using the ssh client.

Tried against solaris 8, debian woody and to localhost and never got X forwarding to work. 

I have not changes any configuration files.

text mode still works OK. DISPLAY is correct as far as I can see. 




-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.18-686
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.4.14       Debian configuration management sy
ii  dpkg                        1.10.19      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-15      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-15      Runtime support for the PAM librar
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-4    compression library - runtime

-- debconf information:
* ssh/privsep_tell: 
* ssh/insecure_rshd: 
  ssh/privsep_ask: true
* ssh/ssh2_keys_merged: 
* ssh/user_environment_tell: 
* ssh/forward_warning: 
* ssh/insecure_telnetd: 
* ssh/new_config: true
  ssh/ancient_version: 
* ssh/use_old_init_script: true
* ssh/protocol2_only: false
  ssh/rootlogin_warning: 
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true
* ssh/upgrade_to_openssh: true
* ssh/SUID_client: true

This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.

Message #10 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: Kenneth Johansson <ken@switchboard.ericsson.se>, 237021@bugs.debian.org

Subject: Re: Bug#237021: X11-forwarding not working

Date: Tue, 9 Mar 2004 12:26:42 +0000

On Tue, Mar 09, 2004 at 12:31:41PM +0100, Kenneth Johansson wrote:
> Package: ssh
> Version: 1:3.8p1-1
> Severity: important
> Tags: sid
> 
> After uppgrading X11-forwarding stoped working when using the ssh client.

What are you trying to do?

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Message #15 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Kenneth Johansson <kenneth.johansson@etx.ericsson.se>

To: Colin Watson <cjwatson@debian.org>

Cc: Kenneth Johansson <ken@switchboard.ericsson.se>, 237021@bugs.debian.org

Subject: Re: Bug#237021: X11-forwarding not working

Date: Tue, 09 Mar 2004 13:49:40 +0100

[Message part 1 (text/plain, inline)]

On Tue, 2004-03-09 at 13:26, Colin Watson wrote:
> On Tue, Mar 09, 2004 at 12:31:41PM +0100, Kenneth Johansson wrote:
> > Package: ssh
> > Version: 1:3.8p1-1
> > Severity: important
> > Tags: sid
> > 
> > After uppgrading X11-forwarding stoped working when using the ssh client.
> 
> What are you trying to do?

start xterm. basically I do "ssh -X <host>" then type xterm after login.
But no x program I tried work.

I have attached the output of "strace -t -o log.txt xterm" from within
the ssh session. 



 

This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.

[log.txt (text/plain, attachment)]

Message #20 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Ben Korvemaker <korvemaker@sympatico.ca>

To: Debian Bug Tracking System <237021@bugs.debian.org>

Cc: Kenneth Johansson <ken@switchboard.ericsson.se>

Subject: ssh: Why X11Forward isn't working

Date: Tue, 9 Mar 2004 08:49:17 -0500

Package: ssh
Version: 1:3.8p1-1
Severity: normal
Followup-For: Bug #237021

There's a new option in ssh, ForwardX11Trusted. The command line portion
is -Y. It's mentioned in ssh(1) and documented more in ssh_config(5).
Unfortunately, it's not mentioned under the "X11 and TCP forwarding"
section in ssh(1).

I've yet to dig into all the details of how this is different from
before and why it was neccessary to do so. Anyone who wants to enlighten
me on this topic can.

Ben
-- 
Ben Korvemaker
korvemaker@sympatico.ca
31AB 75AD 4CBF C164 1963         A Boeing 747s wingspan is longer than
A674 1C53 0733 C855 8011           the Wright brother's first flight.

Message #25 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Carsten Luedtke <acid_man@web.de>

To: Debian Bug Tracking System <237021@bugs.debian.org>

Subject: ssh: I have similar problems

Date: Tue, 09 Mar 2004 14:56:30 +0100

Package: ssh
Version: 1:3.8p1-1
Severity: normal
Followup-For: Bug #237021

I have similar problems in sid. I have roblems with gkrellm (directly forwarded 
without gkrellmd) and tkseti.

Gkrellm works expect for the seti plugin (not part of debian now). If I move my 
mouse over the plugin gkrellm + the ssh session will be killed. The output on a 
gnome-terminal:

acidman@mr-data:~$ gkrellm
The program 'gkrellm' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadWindow (invalid Window parameter)'.
    (Details: serial 3401 error_code 3 request_code 38 minor_code 0)
    (Note to programmers: normally, X errors are reported asynchronously;
    that is, you will receive the error a while after causing it.
    To debug your program, run it with the --sync command line
    option to change this behavior. You can then get a meaningful
    backtrace from your debugger if you break on the gdk_x_error() function.)
acidman@mr-data:~$

For tkseti i get the following output:

acidman@mr-data:~$ tkseti
X Error of failed request:  BadAtom (invalid Atom parameter)
    Major opcode of failed request:  20 (X_GetProperty)
    Atom id in failed request:  0x1b6
    Serial number of failed request:  11
    Current serial number in output stream:  11
acidman@mr-data:~$

This is since the last update of ssh on my sid box. The problems occure on my 
sarge box (mr-data). I have tried to connect with password- and pubkey-auth.
Maybe the new PAM-stuff in this version doesn't work as expected with 
X11-forwarding. 

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.2
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.4.14       Debian configuration management sy
ii  dpkg                        1.10.19      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-15      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-15      Runtime support for the PAM librar
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-4    compression library - runtime

-- debconf information:
  ssh/insecure_rshd: 
  ssh/privsep_ask: true
  ssh/user_environment_tell: 
* ssh/forward_warning: 
  ssh/insecure_telnetd: 
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/SUID_client: true
* ssh/privsep_tell: 
  ssh/ssh2_keys_merged: 
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true

Message #30 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: Kenneth Johansson <kenneth.johansson@etx.ericsson.se>

Cc: Kenneth Johansson <ken@switchboard.ericsson.se>, 237021@bugs.debian.org

Subject: Re: Bug#237021: X11-forwarding not working

Date: Tue, 9 Mar 2004 14:12:56 +0000

On Tue, Mar 09, 2004 at 01:49:40PM +0100, Kenneth Johansson wrote:
> On Tue, 2004-03-09 at 13:26, Colin Watson wrote:
> > On Tue, Mar 09, 2004 at 12:31:41PM +0100, Kenneth Johansson wrote:
> > > Package: ssh
> > > Version: 1:3.8p1-1
> > > Severity: important
> > > Tags: sid
> > > 
> > > After uppgrading X11-forwarding stoped working when using the ssh client.
> > 
> > What are you trying to do?
> 
> start xterm. basically I do "ssh -X <host>" then type xterm after login.
> But no x program I tried work.

There was a change in X forwarding in 3.8 to allow (and default to)
using an untrusted X cookie. That said, just starting new clients should
definitely work, and seems to work for me.

You can set 'ForwardX11Trusted yes' (or use the -Y option) as a
workaround.

Could I see the complete output from running 'ssh -vvv -X <host>' and
then trying to start an xterm?

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Message #35 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Kenneth Johansson <kenneth.johansson@etx.ericsson.se>

To: Colin Watson <cjwatson@debian.org>

Cc: Kenneth Johansson <ken@switchboard.ericsson.se>, 237021@bugs.debian.org

Subject: Re: Bug#237021: X11-forwarding not working

Date: Tue, 09 Mar 2004 17:26:29 +0100

[Message part 1 (text/plain, inline)]

On Tue, 2004-03-09 at 15:12, Colin Watson wrote:
> On Tue, Mar 09, 2004 at 01:49:40PM +0100, Kenneth Johansson wrote:
> > On Tue, 2004-03-09 at 13:26, Colin Watson wrote:
> > > On Tue, Mar 09, 2004 at 12:31:41PM +0100, Kenneth Johansson wrote:
> > > > Package: ssh
> > > > Version: 1:3.8p1-1
> > > > Severity: important
> > > > Tags: sid
> > > > 
> > > > After uppgrading X11-forwarding stoped working when using the ssh client.
> > > 
> > > What are you trying to do?
> > 
> > start xterm. basically I do "ssh -X <host>" then type xterm after login.
> > But no x program I tried work.
> 
> There was a change in X forwarding in 3.8 to allow (and default to)
> using an untrusted X cookie. That said, just starting new clients should
> definitely work, and seems to work for me.
> 
> You can set 'ForwardX11Trusted yes' (or use the -Y option) as a
> workaround.

using -Y works



> Could I see the complete output from running 'ssh -vvv -X <host>' and
> then trying to start an xterm?
> 
> Thanks,

OK attached. This is to the point where xterm is started but no window
opens. 

This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.

[log.txt (text/plain, attachment)]

Message #40 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Florian Weimer <fw@deneb.enyo.de>

To: Colin Watson <cjwatson@debian.org>, 237021@bugs.debian.org

Cc: Kenneth Johansson <kenneth.johansson@etx.ericsson.se>, Kenneth Johansson <ken@switchboard.ericsson.se>

Subject: Re: Bug#237021: X11-forwarding not working

Date: Tue, 9 Mar 2004 22:12:41 +0100

Colin Watson wrote:

> There was a change in X forwarding in 3.8 to allow (and default to)
> using an untrusted X cookie. That said, just starting new clients should
> definitely work, and seems to work for me.

*ouch*

Could you add a NEWS item about this issue?  Plenty of clients don't
work in untrusted mode, and it's got all kinds of strange side effects
(e.g. no access to the X selection).

It's certainly a far-reaching change.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.

Message #47 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: Florian Weimer <fw@deneb.enyo.de>

Cc: 237021@bugs.debian.org, Kenneth Johansson <kenneth.johansson@etx.ericsson.se>, Kenneth Johansson <ken@switchboard.ericsson.se>

Subject: Re: Bug#237021: X11-forwarding not working

Date: Wed, 10 Mar 2004 01:52:51 +0000

On Tue, Mar 09, 2004 at 10:12:41PM +0100, Florian Weimer wrote:
> Colin Watson wrote:
> > There was a change in X forwarding in 3.8 to allow (and default to)
> > using an untrusted X cookie. That said, just starting new clients
> > should definitely work, and seems to work for me.
> 
> *ouch*
> 
> Could you add a NEWS item about this issue?  Plenty of clients don't
> work in untrusted mode, and it's got all kinds of strange side effects
> (e.g. no access to the X selection).
> 
> It's certainly a far-reaching change.

I think it's become clear that it's too far-reaching at this point in
Debian's release cycle; we need time to prepare the rest of the
distribution for this sort of thing if it's to become the default. It's
new in 3.8, so even upstream haven't got much feedback about it yet.

I've committed a change which sets the ForwardX11Trusted default to yes
instead of no (and documents the whole business in README.Debian); I
plan to upload this as 1:3.8p1-2 if nobody shouts too loudly about that.
While Damien Miller upstream said "Some of the maturing needs to happen
in the X11 server libraries, toolkits and applications as well", he
didn't object to this proposed change.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Message #52 received at 237021-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: 237021-close@bugs.debian.org

Subject: Bug#237021: fixed in openssh 1:3.8p1-2

Date: Wed, 10 Mar 2004 06:02:04 -0500

Source: openssh
Source-Version: 1:3.8p1-2

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh_3.8p1-2.diff.gz
  to pool/main/o/openssh/openssh_3.8p1-2.diff.gz
openssh_3.8p1-2.dsc
  to pool/main/o/openssh/openssh_3.8p1-2.dsc
ssh-askpass-gnome_3.8p1-2_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.8p1-2_powerpc.deb
ssh_3.8p1-2_powerpc.deb
  to pool/main/o/openssh/ssh_3.8p1-2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 237021@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 10 Mar 2004 10:33:07 +0000
Source: openssh
Binary: ssh-askpass-gnome ssh
Architecture: source powerpc
Version: 1:3.8p1-2
Distribution: unstable
Urgency: medium
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 236810 237021
Changes: 
 openssh (1:3.8p1-2) unstable; urgency=medium
 .
   * Disable PasswordAuthentication for new installations (closes: #236810).
   * Turn off the new ForwardX11Trusted by default, returning to the
     semantics of 3.7 and earlier, since it seems immature and causes far too
     many problems with existing setups. See README.Debian for details
     (closes: #237021).
Files: 
 483f857b358f4a965858dc6b91f9515a 842 net standard openssh_3.8p1-2.dsc
 62059d8b0bfacd5be1d38a99a73bd99e 123015 net standard openssh_3.8p1-2.diff.gz
 52536556e6fc96cf604b17f926880d35 759342 net standard ssh_3.8p1-2_powerpc.deb
 a46b505f3f3da3f74a87848efa551d8d 55960 gnome optional ssh-askpass-gnome_3.8p1-2_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFATvIA9t0zAhD6TNERAlJMAJ9PnX0WORT/2bXC3+mF3/itZ+aF0ACfR+1g
HUJiD+rejgcEUdY2gXgAQhI=
=rjfZ
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.