Re: OpenSSH 3.1p1 and broken X forwarding

From: Konstantinos Agouros (elwood@news.agouros.de)
Date: 03/17/02


From: elwood@news.agouros.de (Konstantinos Agouros)
Date: 17 Mar 2002 11:10:12 +0100

In <MPG.16fdb7a9ea6df0209896e2@news.oit.umass.edu> Victor Danilchenko <danilche@cs.umass.edu> writes:

> I have recently upgraded some systems to OpenSSH 3.1p1, and while
>it worked like a charm in almost all respects, one thing is strange.
>Suddenly, X forwarding ended up being broken on certain systems.

> Now I was running OpenSSH 2.9p2 before, and everything was fine;
>with upgrade to OpenSSH 3.1p1, when I SSH into certain systems and try to
>display X apps back over the SSH tunnel, it complains about invalid
>authentication. This happens when SSH'ed into all of our SPARC/Solaris
>5.8 systems when running some older X apps (I made sure to try compiling
>SSHD on Solaris with or without PAM support, it made no difference), and
>it also happens on a couple of our Digital Unix 4 boxes when we SSH to
>them through a Solaris system. Mind you, none of these problems occurred
>with OpenSSh 2.9. One thing has changed -- I moved from SSH entropy
>source in OpenSSH 2.9 to using a random device (ANDIrand) in OpenSSH 3.1,
>but that shouldn't have made any difference to the validity of
>authentication, should it have?

> I looked through release notes and recent Deja posts, and found
>nothing helpful. Can anyone help me on this one? thanks.
Is it possible that You have ipv6 activated? If You log into a sun try:
netstat -f inet -na |grep 6010 (assuming that Your offset is 10 which is
the defaultvalue). I have a problem like this with linux-machines running
ipv6 since the X11-Listen is on the ipv6-address instead of 127.0.0.1:6010
and the X11-Client doesn't understand where to connect to.

Konstantin

>--
> Victor Danilchenko

-- 
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres



Relevant Pages

  • Re: Recent OpenSSH releases not reading .bashrc for ssh commands
    ... their .bashrc will no longer get them without engaging in..... ... ssh can invoke bash without it then reading .bashrc. ... which svn", the .bashrc is no longer read. ... you're on RHEL 5, you've installed an updated OpenSSH, and you try to ...
    (comp.security.ssh)
  • Re: two SSH compatibility scenarios: can it work?
    ... We are required to use SSH to log into the Engineering lab machines. ... > server software displays this header upon telnet connection to port 22. ... I still use Windows on my notebook for application compatibility. ... > running OpenSSH 3.4p1. ...
    (comp.security.ssh)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... deployment on a Windows network. ... Does this mean that you are setting SSH port forwarding ... does not provide the other side with either a Kerberos ticket, ... We're focusing on the OpenSSH for Windows distribution. ...
    (comp.security.ssh)
  • Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability (fwd)
    ... Is OpenSSH 3.3 now part of the base system? ... older versions of ssh are vulnerable or not. ... I have to say that I side with Theo here: ... we wouldn't need OpenSSH. ...
    (FreeBSD-Security)
  • Re: SSH2 and ZSH
    ... implementation of SSH that is not present in the BSD standard OpenSSH. ... That said it would sound to me like you have a path problem not and SSH ... FreeBSD installs ping by default in /sbin and a ... > I recently installed FreeBSD 5.4 on a new server.everything is smooth and ...
    (freebsd-questions)