Debian Bug report logs - #237021
X11-forwarding not working

version graph

Package: ssh; Maintainer for ssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for ssh is src:openssh (PTS, buildd, popcon).

Reported by: Kenneth Johansson <ken@switchboard.ericsson.se>

Date: Tue, 9 Mar 2004 11:48:02 UTC

Severity: important

Tags: sid

Merged with 236998

Found in version 1:3.8p1-1

Fixed in version openssh/1:3.8p1-2

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Kenneth Johansson <ken@switchboard.ericsson.se>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Kenneth Johansson <ken@switchboard.ericsson.se>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: X11-forwarding not working
Date: Tue, 09 Mar 2004 12:31:41 +0100
Package: ssh
Version: 1:3.8p1-1
Severity: important
Tags: sid

After uppgrading X11-forwarding stoped working when using the ssh client.

Tried against solaris 8, debian woody and to localhost and never got X forwarding to work. 

I have not changes any configuration files.

text mode still works OK. DISPLAY is correct as far as I can see. 




-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.18-686
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.4.14       Debian configuration management sy
ii  dpkg                        1.10.19      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-15      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-15      Runtime support for the PAM librar
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-4    compression library - runtime

-- debconf information:
* ssh/privsep_tell: 
* ssh/insecure_rshd: 
  ssh/privsep_ask: true
* ssh/ssh2_keys_merged: 
* ssh/user_environment_tell: 
* ssh/forward_warning: 
* ssh/insecure_telnetd: 
* ssh/new_config: true
  ssh/ancient_version: 
* ssh/use_old_init_script: true
* ssh/protocol2_only: false
  ssh/rootlogin_warning: 
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true
* ssh/upgrade_to_openssh: true
* ssh/SUID_client: true

This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.




Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #10 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: Kenneth Johansson <ken@switchboard.ericsson.se>, 237021@bugs.debian.org
Subject: Re: Bug#237021: X11-forwarding not working
Date: Tue, 9 Mar 2004 12:26:42 +0000
On Tue, Mar 09, 2004 at 12:31:41PM +0100, Kenneth Johansson wrote:
> Package: ssh
> Version: 1:3.8p1-1
> Severity: important
> Tags: sid
> 
> After uppgrading X11-forwarding stoped working when using the ssh client.

What are you trying to do?

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Kenneth Johansson <kenneth.johansson@etx.ericsson.se>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #15 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Kenneth Johansson <kenneth.johansson@etx.ericsson.se>
To: Colin Watson <cjwatson@debian.org>
Cc: Kenneth Johansson <ken@switchboard.ericsson.se>, 237021@bugs.debian.org
Subject: Re: Bug#237021: X11-forwarding not working
Date: Tue, 09 Mar 2004 13:49:40 +0100
[Message part 1 (text/plain, inline)]
On Tue, 2004-03-09 at 13:26, Colin Watson wrote:
> On Tue, Mar 09, 2004 at 12:31:41PM +0100, Kenneth Johansson wrote:
> > Package: ssh
> > Version: 1:3.8p1-1
> > Severity: important
> > Tags: sid
> > 
> > After uppgrading X11-forwarding stoped working when using the ssh client.
> 
> What are you trying to do?

start xterm. basically I do "ssh -X <host>" then type xterm after login.
But no x program I tried work.

I have attached the output of "strace -t -o log.txt xterm" from within
the ssh session. 



 

This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.

[log.txt (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Ben Korvemaker <korvemaker@sympatico.ca>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #20 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Ben Korvemaker <korvemaker@sympatico.ca>
To: Debian Bug Tracking System <237021@bugs.debian.org>
Cc: Kenneth Johansson <ken@switchboard.ericsson.se>
Subject: ssh: Why X11Forward isn't working
Date: Tue, 9 Mar 2004 08:49:17 -0500
Package: ssh
Version: 1:3.8p1-1
Severity: normal
Followup-For: Bug #237021

There's a new option in ssh, ForwardX11Trusted. The command line portion
is -Y. It's mentioned in ssh(1) and documented more in ssh_config(5).
Unfortunately, it's not mentioned under the "X11 and TCP forwarding"
section in ssh(1).

I've yet to dig into all the details of how this is different from
before and why it was neccessary to do so. Anyone who wants to enlighten
me on this topic can.

Ben
-- 
Ben Korvemaker
korvemaker@sympatico.ca
31AB 75AD 4CBF C164 1963         A Boeing 747s wingspan is longer than
A674 1C53 0733 C855 8011           the Wright brother's first flight.



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Carsten Luedtke <acid_man@web.de>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #25 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Carsten Luedtke <acid_man@web.de>
To: Debian Bug Tracking System <237021@bugs.debian.org>
Subject: ssh: I have similar problems
Date: Tue, 09 Mar 2004 14:56:30 +0100
Package: ssh
Version: 1:3.8p1-1
Severity: normal
Followup-For: Bug #237021

I have similar problems in sid. I have roblems with gkrellm (directly forwarded 
without gkrellmd) and tkseti.

Gkrellm works expect for the seti plugin (not part of debian now). If I move my 
mouse over the plugin gkrellm + the ssh session will be killed. The output on a 
gnome-terminal:

acidman@mr-data:~$ gkrellm
The program 'gkrellm' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadWindow (invalid Window parameter)'.
    (Details: serial 3401 error_code 3 request_code 38 minor_code 0)
    (Note to programmers: normally, X errors are reported asynchronously;
    that is, you will receive the error a while after causing it.
    To debug your program, run it with the --sync command line
    option to change this behavior. You can then get a meaningful
    backtrace from your debugger if you break on the gdk_x_error() function.)
acidman@mr-data:~$

For tkseti i get the following output:

acidman@mr-data:~$ tkseti
X Error of failed request:  BadAtom (invalid Atom parameter)
    Major opcode of failed request:  20 (X_GetProperty)
    Atom id in failed request:  0x1b6
    Serial number of failed request:  11
    Current serial number in output stream:  11
acidman@mr-data:~$

This is since the last update of ssh on my sid box. The problems occure on my 
sarge box (mr-data). I have tried to connect with password- and pubkey-auth.
Maybe the new PAM-stuff in this version doesn't work as expected with 
X11-forwarding. 

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.2
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.4.14       Debian configuration management sy
ii  dpkg                        1.10.19      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-15      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-15      Runtime support for the PAM librar
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-4    compression library - runtime

-- debconf information:
  ssh/insecure_rshd: 
  ssh/privsep_ask: true
  ssh/user_environment_tell: 
* ssh/forward_warning: 
  ssh/insecure_telnetd: 
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/SUID_client: true
* ssh/privsep_tell: 
  ssh/ssh2_keys_merged: 
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #30 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: Kenneth Johansson <kenneth.johansson@etx.ericsson.se>
Cc: Kenneth Johansson <ken@switchboard.ericsson.se>, 237021@bugs.debian.org
Subject: Re: Bug#237021: X11-forwarding not working
Date: Tue, 9 Mar 2004 14:12:56 +0000
On Tue, Mar 09, 2004 at 01:49:40PM +0100, Kenneth Johansson wrote:
> On Tue, 2004-03-09 at 13:26, Colin Watson wrote:
> > On Tue, Mar 09, 2004 at 12:31:41PM +0100, Kenneth Johansson wrote:
> > > Package: ssh
> > > Version: 1:3.8p1-1
> > > Severity: important
> > > Tags: sid
> > > 
> > > After uppgrading X11-forwarding stoped working when using the ssh client.
> > 
> > What are you trying to do?
> 
> start xterm. basically I do "ssh -X <host>" then type xterm after login.
> But no x program I tried work.

There was a change in X forwarding in 3.8 to allow (and default to)
using an untrusted X cookie. That said, just starting new clients should
definitely work, and seems to work for me.

You can set 'ForwardX11Trusted yes' (or use the -Y option) as a
workaround.

Could I see the complete output from running 'ssh -vvv -X <host>' and
then trying to start an xterm?

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Kenneth Johansson <kenneth.johansson@etx.ericsson.se>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #35 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Kenneth Johansson <kenneth.johansson@etx.ericsson.se>
To: Colin Watson <cjwatson@debian.org>
Cc: Kenneth Johansson <ken@switchboard.ericsson.se>, 237021@bugs.debian.org
Subject: Re: Bug#237021: X11-forwarding not working
Date: Tue, 09 Mar 2004 17:26:29 +0100
[Message part 1 (text/plain, inline)]
On Tue, 2004-03-09 at 15:12, Colin Watson wrote:
> On Tue, Mar 09, 2004 at 01:49:40PM +0100, Kenneth Johansson wrote:
> > On Tue, 2004-03-09 at 13:26, Colin Watson wrote:
> > > On Tue, Mar 09, 2004 at 12:31:41PM +0100, Kenneth Johansson wrote:
> > > > Package: ssh
> > > > Version: 1:3.8p1-1
> > > > Severity: important
> > > > Tags: sid
> > > > 
> > > > After uppgrading X11-forwarding stoped working when using the ssh client.
> > > 
> > > What are you trying to do?
> > 
> > start xterm. basically I do "ssh -X <host>" then type xterm after login.
> > But no x program I tried work.
> 
> There was a change in X forwarding in 3.8 to allow (and default to)
> using an untrusted X cookie. That said, just starting new clients should
> definitely work, and seems to work for me.
> 
> You can set 'ForwardX11Trusted yes' (or use the -Y option) as a
> workaround.

using -Y works



> Could I see the complete output from running 'ssh -vvv -X <host>' and
> then trying to start an xterm?
> 
> Thanks,

OK attached. This is to the point where xterm is started but no window
opens. 

This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.

[log.txt (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #40 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Florian Weimer <fw@deneb.enyo.de>
To: Colin Watson <cjwatson@debian.org>, 237021@bugs.debian.org
Cc: Kenneth Johansson <kenneth.johansson@etx.ericsson.se>, Kenneth Johansson <ken@switchboard.ericsson.se>
Subject: Re: Bug#237021: X11-forwarding not working
Date: Tue, 9 Mar 2004 22:12:41 +0100
Colin Watson wrote:

> There was a change in X forwarding in 3.8 to allow (and default to)
> using an untrusted X cookie. That said, just starting new clients should
> definitely work, and seems to work for me.

*ouch*

Could you add a NEWS item about this issue?  Plenty of clients don't
work in untrusted mode, and it's got all kinds of strange side effects
(e.g. no access to the X selection).

It's certainly a far-reaching change.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.



Merged 236998 237021. Request was from Branden Robinson <branden@debian.org> to control@bugs.debian.org. (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#237021; Package ssh. (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (full text, mbox, link).


Message #47 received at 237021@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 237021@bugs.debian.org, Kenneth Johansson <kenneth.johansson@etx.ericsson.se>, Kenneth Johansson <ken@switchboard.ericsson.se>
Subject: Re: Bug#237021: X11-forwarding not working
Date: Wed, 10 Mar 2004 01:52:51 +0000
On Tue, Mar 09, 2004 at 10:12:41PM +0100, Florian Weimer wrote:
> Colin Watson wrote:
> > There was a change in X forwarding in 3.8 to allow (and default to)
> > using an untrusted X cookie. That said, just starting new clients
> > should definitely work, and seems to work for me.
> 
> *ouch*
> 
> Could you add a NEWS item about this issue?  Plenty of clients don't
> work in untrusted mode, and it's got all kinds of strange side effects
> (e.g. no access to the X selection).
> 
> It's certainly a far-reaching change.

I think it's become clear that it's too far-reaching at this point in
Debian's release cycle; we need time to prepare the rest of the
distribution for this sort of thing if it's to become the default. It's
new in 3.8, so even upstream haven't got much feedback about it yet.

I've committed a change which sets the ForwardX11Trusted default to yes
instead of no (and documents the whole business in README.Debian); I
plan to upload this as 1:3.8p1-2 if nobody shouts too loudly about that.
While Damien Miller upstream said "Some of the maturing needs to happen
in the X11 server libraries, toolkits and applications as well", he
didn't object to this proposed change.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (full text, mbox, link).


Notification sent to Kenneth Johansson <ken@switchboard.ericsson.se>:
Bug acknowledged by developer. (full text, mbox, link).


Message #52 received at 237021-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: 237021-close@bugs.debian.org
Subject: Bug#237021: fixed in openssh 1:3.8p1-2
Date: Wed, 10 Mar 2004 06:02:04 -0500
Source: openssh
Source-Version: 1:3.8p1-2

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh_3.8p1-2.diff.gz
  to pool/main/o/openssh/openssh_3.8p1-2.diff.gz
openssh_3.8p1-2.dsc
  to pool/main/o/openssh/openssh_3.8p1-2.dsc
ssh-askpass-gnome_3.8p1-2_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.8p1-2_powerpc.deb
ssh_3.8p1-2_powerpc.deb
  to pool/main/o/openssh/ssh_3.8p1-2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 237021@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 10 Mar 2004 10:33:07 +0000
Source: openssh
Binary: ssh-askpass-gnome ssh
Architecture: source powerpc
Version: 1:3.8p1-2
Distribution: unstable
Urgency: medium
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 236810 237021
Changes: 
 openssh (1:3.8p1-2) unstable; urgency=medium
 .
   * Disable PasswordAuthentication for new installations (closes: #236810).
   * Turn off the new ForwardX11Trusted by default, returning to the
     semantics of 3.7 and earlier, since it seems immature and causes far too
     many problems with existing setups. See README.Debian for details
     (closes: #237021).
Files: 
 483f857b358f4a965858dc6b91f9515a 842 net standard openssh_3.8p1-2.dsc
 62059d8b0bfacd5be1d38a99a73bd99e 123015 net standard openssh_3.8p1-2.diff.gz
 52536556e6fc96cf604b17f926880d35 759342 net standard ssh_3.8p1-2_powerpc.deb
 a46b505f3f3da3f74a87848efa551d8d 55960 gnome optional ssh-askpass-gnome_3.8p1-2_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFATvIA9t0zAhD6TNERAlJMAJ9PnX0WORT/2bXC3+mF3/itZ+aF0ACfR+1g
HUJiD+rejgcEUdY2gXgAQhI=
=rjfZ
-----END PGP SIGNATURE-----




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 30 22:25:23 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.