Debian Bug report logs - #595014
openssh-server: X11Forwarding does not work when net.ipv6.conf.all.disable_ipv6 = 1

version graph

Package: openssh-server; Maintainer for openssh-server is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for openssh-server is src:openssh.

Reported by: Jean-Christophe Dubacq <jcdubacq1@free.fr>

Date: Tue, 31 Aug 2010 13:09:01 UTC

Severity: normal

Found in version openssh/1:5.5p1-4

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#595014; Package openssh-server. (Tue, 31 Aug 2010 13:09:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jean-Christophe Dubacq <jcdubacq1@free.fr>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 31 Aug 2010 13:09:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jean-Christophe Dubacq <jcdubacq1@free.fr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openssh-server: X11Forwarding does not work when net.ipv6.conf.all.disable_ipv6 = 1
Date: Tue, 31 Aug 2010 14:47:12 +0200
Package: openssh-server
Version: 1:5.5p1-4
Severity: normal

It was a bit difficult to find, but when doing net.ipv6.conf.all.disable_ipv6 = 1
(and thus disabling ipv6 at the kernel level, which was required for our network
setup here), the X11 forwarding does not work any more as shown by this piece
of output of sshd -D -ddd:
[...]
debug2: bind port 6548: Cannot assign requested address
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
debug2: bind port 6549: Cannot assign requested address
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
debug2: bind port 6550: Cannot assign requested address
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
debug2: bind port 6551: Cannot assign requested address
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
debug2: bind port 6552: Cannot assign requested address
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
debug2: bind port 6553: Cannot assign requested address
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
debug2: bind port 6554: Cannot assign requested address
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
debug2: bind port 6555: Cannot assign requested address
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
[...]

More annoying, this fails completely silently.

I can provide more output if required.
-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (100, 'unstable'), (50, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser               3.112              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.35             Debian configuration management sy
ii  dpkg                  1.15.7.2           Debian package management system
ii  libc6                 2.11.2-2           Embedded GNU C Library: Shared lib
ii  libcomerr2            1.41.12-2          common error description library
ii  libgssapi-krb5-2      1.8.3+dfsg~beta1-1 MIT Kerberos runtime libraries - k
ii  libkrb5-3             1.8.3+dfsg~beta1-1 MIT Kerberos runtime libraries
ii  libpam-modules        1.1.1-4            Pluggable Authentication Modules f
ii  libpam-runtime        1.1.1-4            Runtime support for the PAM librar
ii  libpam0g              1.1.1-4            Pluggable Authentication Modules l
ii  libselinux1           2.0.96-1           SELinux runtime shared libraries
ii  libssl0.9.8           0.9.8o-2           SSL shared libraries
ii  libwrap0              7.6.q-19           Wietse Venema's TCP wrappers libra
ii  lsb-base              3.2-23.1           Linux Standard Base 3.2 init scrip
ii  openssh-blacklist     0.4.1              list of default blacklisted OpenSS
ii  openssh-client        1:5.5p1-4          secure shell (SSH) client, for sec
ii  procps                1:3.2.8-9          /proc file system utilities
ii  zlib1g                1:1.2.3.4.dfsg-3   compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.4-1  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                  <none>      (no description available)
pn  rssh                         <none>      (no description available)
ii  ssh-askpass                  1:1.2.4.1-9 under X, asks user for a passphras
pn  ufw                          <none>      (no description available)

-- debconf information:
* ssh/insecure_rshd:
* ssh/vulnerable_host_keys:
* ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/disable_cr_auth: true
* ssh/encrypted_host_key_but_no_keygen:




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#595014; Package openssh-server. (Thu, 28 Oct 2010 14:51:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Олег Корчагин <madrouter@yandex.ru>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Thu, 28 Oct 2010 14:51:08 GMT) Full text and rfc822 format available.

Message #10 received at 595014@bugs.debian.org (full text, mbox):

From: Олег Корчагин <madrouter@yandex.ru>
To: 595014@bugs.debian.org
Subject: Re: X11Forwarding does not work when net.ipv6.conf.all.disable_ipv6 = 1
Date: Thu, 28 Oct 2010 18:48:56 +0400
Confirm the bug.

Debian squeeze, openssh-server 1:5.5p1-5+b1

As a workaround, add '-4' options to ssh daemon via /etc/default/ssh

P.S.

1) This bug is seemed to be the same as bug # 422327 :
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422327

2) I think this bug is not specific for debian, but for openssh-server
v5. For example, the same bug was found in openSolaris:
http://groups.google.com/group/mailing.unix.openssh-dev/browse_thread/thread/8bc4833f84f05ce3

Regards,
Oleg





Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 02:50:56 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.