Openssh 3.9p1: ControlPath children can't run X windows applications (or change user)

From: William Stearns (wstearns_at_pobox.com)
Date: 01/11/05

  • Next message: Daniel Briley: "name lookup/reverse map issues"
    Date: Tue, 11 Jan 2005 01:52:43 -0500 (EST)
    To: ML-ssh <secureshell@securityfocus.com>
    
    

    Good evening, all,
             I'm running OpenSSH 3.9p1-7 from Fedora core 3. I just started
    using ControlPath - very nice!
             While I can successfully run X windows applications in the
    ControlMaster window, I can't run those same applications in the any of
    the ssh sessions that run inside the Master. For this experiment, I have
    "ForwardX11Trusted yes" in the "Host *" section of ~/.ssh/config :

    ssh root-zaphod -M -v
    [snip]
    debug1: Entering interactive session.
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug1: Requesting authentication agent forwarding.
    Last login: Tue Jan 11 01:27:18 2005 from
    68-169-201-54.sbtnvt.adelphia.net
    [root@zaphod root]# xeyes &
    [1] 5640
    [root@zaphod root]# debug1: client_input_channel_open: ctype x11 rchan 4
    win 65536 max 16384
    debug1: client_request_x11: request from 127.0.0.1 52209
    debug1: channel 1: new [x11]
    debug1: confirm x11
    debug1: channel 2: new [client-session]

             and xeyes starts up just fine on my local machine. Now if I start
    a second shell:

    [wstearns@sparrow tmp]$ ssh -v root-zaphod
    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /home/wstearns/.ssh/config
    debug1: Applying options for root-zaphod
    debug1: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: /etc/ssh/ssh_config line 45: Deprecated option "FallBackToRsh"
    debug1: /etc/ssh/ssh_config line 46: Deprecated option "UseRsh"
    Last login: Tue Jan 11 01:28:50 2005 from
    68-169-201-54.sbtnvt.adelphia.net
    [root@zaphod root]# echo $DISPLAY

    [root@zaphod root]#

             And since there's no DISPLAY set:

    [root@zaphod root]# xclock &
    [1] 6055
    [root@zaphod root]# Error: Can't open display:

    [1]+ Exit 1 xclock
    [root@zaphod root]#

             I honestly don't know if this is an issue with ControlPath, an
    issue with Portable OpenSSH, or an issue with Redhat/Fedora's package.
    If you're using OpenSSH 3.9, would you be willing to try running an X
    application in both the Master and Slave windows?
             If you haven't used ControlMaster before, you only need to make
    two changes. Add this line to the appropriate stanza of ~/.ssh/config :

         ControlPath /home/wstearns/.ssh/sockets/root-zaphod

             and add the "-M" to the command line of the Master, leaving it off
    for the slave.

             As a side note, ControlPath also appears to be incompatible with
    "-l username" and "username@" command line options, but I strongly suspect
    this is intentional.
             Cheers,
             - Bill

    ---------------------------------------------------------------------------
    ACHTUNG!
    Das machine is nicht fur gefingerpoken und mittengrabben. Ist
    easyschnappen der springenwerk, blowenfusen und corkenpoppen
    mitspitzensparken. Ist nicht fur gewerken by das dummkopfen.
    Dasrubbernecken sightseeren keepen hands in das pockets.
    Relaxen undvatch das blinkenlights!!!
    --------------------------------------------------------------------------
    William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f,
    rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
    --------------------------------------------------------------------------


  • Next message: Daniel Briley: "name lookup/reverse map issues"

    Relevant Pages

    • Re: pubkey works for user: why not root ?
      ... AND to add the line "AllowUsers sean root" (multiple users can be allowed, ... debug1: Connection established. ... debug2: fd 3 setting O_NONBLOCK ... debug1: Next authentication method: publickey ...
      (SSH)
    • Re: pubkey works for user: why not root ?
      ... Subject: pubkey works for user: why not root? ... debug1: Connection established. ... debug2: fd 3 setting O_NONBLOCK ... debug1: Next authentication method: publickey ...
      (SSH)
    • RE: pubkey works for user: why not root ?
      ... Subject: pubkey works for user: why not root? ... debug1: Connection established. ... debug2: fd 3 setting O_NONBLOCK ... for user root service ssh-connection method publickey ...
      (SSH)
    • sftp only works for root
      ... I can only get sftp to work for root. ... If I sftp using a non-root user account, I get the following from sshd -d: ... debug1: Received SIGCHLD. ...
      (comp.security.ssh)
    • Re: Enabling SFTP under Debian 4.0r0
      ... ssh works for a normal user but not for root, sftp doesn't work for either. ... Unless you guys have a suggestion that'll let me run root commands as a normal user I kinda have to. ... debug1: Connection established. ...
      (Debian-User)