Re: OpenSSH 3.1p1 and broken X forwarding

From: Konstantinos Agouros (elwood@news.agouros.de)
Date: 03/17/02


From: elwood@news.agouros.de (Konstantinos Agouros)
Date: 17 Mar 2002 11:10:12 +0100

In <MPG.16fdb7a9ea6df0209896e2@news.oit.umass.edu> Victor Danilchenko <danilche@cs.umass.edu> writes:

> I have recently upgraded some systems to OpenSSH 3.1p1, and while
>it worked like a charm in almost all respects, one thing is strange.
>Suddenly, X forwarding ended up being broken on certain systems.

> Now I was running OpenSSH 2.9p2 before, and everything was fine;
>with upgrade to OpenSSH 3.1p1, when I SSH into certain systems and try to
>display X apps back over the SSH tunnel, it complains about invalid
>authentication. This happens when SSH'ed into all of our SPARC/Solaris
>5.8 systems when running some older X apps (I made sure to try compiling
>SSHD on Solaris with or without PAM support, it made no difference), and
>it also happens on a couple of our Digital Unix 4 boxes when we SSH to
>them through a Solaris system. Mind you, none of these problems occurred
>with OpenSSh 2.9. One thing has changed -- I moved from SSH entropy
>source in OpenSSH 2.9 to using a random device (ANDIrand) in OpenSSH 3.1,
>but that shouldn't have made any difference to the validity of
>authentication, should it have?

> I looked through release notes and recent Deja posts, and found
>nothing helpful. Can anyone help me on this one? thanks.
Is it possible that You have ipv6 activated? If You log into a sun try:
netstat -f inet -na |grep 6010 (assuming that Your offset is 10 which is
the defaultvalue). I have a problem like this with linux-machines running
ipv6 since the X11-Listen is on the ipv6-address instead of 127.0.0.1:6010
and the X11-Client doesn't understand where to connect to.

Konstantin

>--
> Victor Danilchenko

-- 
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres



Relevant Pages

  • Re: Recent OpenSSH releases not reading .bashrc for ssh commands
    ... their .bashrc will no longer get them without engaging in..... ... ssh can invoke bash without it then reading .bashrc. ... which svn", the .bashrc is no longer read. ... you're on RHEL 5, you've installed an updated OpenSSH, and you try to ...
    (comp.security.ssh)
  • Re: two SSH compatibility scenarios: can it work?
    ... We are required to use SSH to log into the Engineering lab machines. ... > server software displays this header upon telnet connection to port 22. ... I still use Windows on my notebook for application compatibility. ... > running OpenSSH 3.4p1. ...
    (comp.security.ssh)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... deployment on a Windows network. ... Does this mean that you are setting SSH port forwarding ... does not provide the other side with either a Kerberos ticket, ... We're focusing on the OpenSSH for Windows distribution. ...
    (comp.security.ssh)
  • Re: ssh compatability issues
    ... >> without keeping two versions of ssh around on my home computer. ... running the OpenSSH server that comes with Solaris ... By 'some old security problems with that' I was not sure if you meant ...
    (comp.security.ssh)
  • Re: Solaris 9 SSH: HostbasedAuthentication?
    ... > Subject: Solaris 9 SSH: HostbasedAuthentication? ... > authentication. ... I'm gathering that the OpenSSH version it's based on didn't have ...
    (Focus-SUN)