msg "X11 connection uses different authentication protocol" ?

Dirk Wetter dirkw at rentec.com
Tue Sep 5 06:00:05 EST 2000



Hi,

using OpenSSH_2.1.1 p4 I have problems with X11 forwarding. I used the
same sources for Solaris and Linux. Tried nearly every combination,
but it seems that the "opensshd" for Solaris has some problems.
Of course I tried to connect with "ssh -X", the server has in its
/etc/sshd_config:

X11Forwarding yes
X11DisplayOffset 10
XAuthLocation /usr/openwin/bin/xauth

The client doesn't have any config file, neither for Linux nor for
Solaris (same NFS homedir).

- it doesn't depend on the client, I checked with a non-free ssh client
    or use Linux instead. Both work.

- I checked the x11 fwd'ing with the openssh client on a non-free server
    on Solaris as well to an openssh server on Linux, both work too.

So, every time when I try to use x11 forwarding the Solaris server
using the openssh daemon, it fails. Attached you find an output from an
openssh client to an openssh server, both on Solaris.

I know this is not the latest version. But since I could find anything
in the changelog for 2.2.0p1 which could have addressed this issue or in
the archived mailing list, I dare to send this mail ;-)


Thanks for your help,

             </dirk>



PS: please CC to me, I am not on this list.
-------------- next part --------------

server:~ # /usr/sbin/sshd -d
debug: sshd version OpenSSH_2.1.1
debug: Command 'ls -alni /var/mail' timed out
debug: Seeded RNG with 41 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: read DSA private key done
debug: Seeded RNG with 40 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
debug: Seeded RNG with 40 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Command 'ls -alni /var/mail' timed out
debug: Seeded RNG with 41 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
RSA key generation complete.
debug: Server will not fork when running in debugging mode.
Connection from client-ip port 890
debug: Client protocol version 1.5; client software version OpenSSH_2.1.1
debug: Local version string SSH-1.99-OpenSSH_2.1.1
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: 3des
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.
debug: Starting up PAM with username "userid"
debug: Attempting authentication for userid.
debug: Trying rhosts with RSA host authentication for userid
debug: Rhosts RSA authentication: canonical host client
Rhosts with RSA host authentication accepted for userid, userid on client.
Accepted rhosts-rsa for userid from client-ip port 890 ruser userid
debug: PAM setting rhost to "client"
debug: PAM setting ruser to "userid"
debug: session_new: init
debug: session_new: session 0
debug: Allocating pty.
debug: Received request for X11 forwarding with auth spoofing.
debug: fd 14 setting O_NONBLOCK
debug: channel 0: new [X11 inet listener]
debug: PAM setting tty to "/dev/pts/9"
debug: PAM establishing creds
debug: Entering interactive session.
debug: fd 12 setting O_NONBLOCK
debug: server_init_dispatch_13
debug: server_init_dispatch_15
debug: tvp!=NULL kid 0 mili 10

on the client side was issued "ssh -v -X":

userid at client[~:512] ssh -X -v server   
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh_config
debug: Command 'ls -alni /var/mail' timed out
debug: Seeded RNG with 39 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: ssh_connect: getuid 505 geteuid 0 anon 0
debug: Connecting to server [server-ip] port 22.
debug: Seeded RNG with 39 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 890.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.1.1
debug: Local version string SSH-1.5-OpenSSH_2.1.1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'server' is known and matches the RSA host key.
debug: Seeded RNG with 39 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
debug: Remote: Accepted for client [client-ip] by /etc/hosts.equiv.
debug: Received RSA challenge for host key from server.
debug: Sending response to host key RSA challenge.
debug: Remote: Rhosts with RSA host authentication accepted.
debug: Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Requesting shell.
debug: Entering interactive session.
Environment:
  TZ=US/Eastern
  SSH_CLIENT=client-ip 890 22
  SSH_TTY=/dev/pts/9
  TERM=xterm
  DISPLAY=server:10.0
  XAUTHORITY=/tmp/ssh-zXXT5224/cookies

[...]
userid at server[~:512] echo $DISPLAY $TERM
xterm
userid at server[~:513] xterm -display server:10.0 
debug: Received X11 open request.
debug: fd 9 setting O_NONBLOCK
debug: channel 0: new [X11 connection from server port 35530]
debug: X11 connection uses different authentication protocol.
debug: X11 rejected 0 i1/o16
debug: channel 0: read failed
debug: channel 0: input open -> drain
debug: channel 0: close_read
debug: channel 0: input: no drain shortcut
debug: channel 0: ibuf empty
debug: channel 0: input drain -> wait_oclose
debug: channel 0: send ieof
debug: channel 0: write failed
debug: channel 0: output open -> wait_ieof
debug: channel 0: send oclose
debug: channel 0: close_write
debug: X11 closed 0 i4/o64
debug: channel 0: rcvd ieof
debug: channel 0: non-open
channel 0: istate 4 != open
channel 0: ostate 64 != open
debug: channel 0: rcvd oclose
debug: channel 0: input wait_oclose -> closed
X connection to server:10.0 broken (explicit kill or server shutdown).

userid at server[~:516] netstat -a | grep '\.60'  
      *.6000               *.*                0      0     0      0 LISTEN
      *.6010               *.*                0      0     0      0 LISTEN
server.6010             server.35530            32768      0 32768      0 TIME_WAIT
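
Added example, not part of the original post and not OpenSSH's own code: the debug line "X11 connection uses different authentication protocol" concerns the first packet an X client sends over the forwarded display, which names an authorization protocol and carries its data. This C sketch parses that setup request and compares it against an expected protocol name and cookie; the function and enum names, the sample packet and the placeholder cookie are constructed here.

```c
#include <stdio.h>
#include <string.h>

enum x11_verdict { X11_NEED_MORE, X11_BAD_ORDER, X11_DIFF_PROTO, X11_BAD_DATA, X11_OK };

/* Read a 16-bit field in the byte order the X client announced. */
static size_t rd16(const unsigned char *p, int msb_first)
{
    return msb_first ? (size_t)(p[0] << 8 | p[1]) : (size_t)(p[1] << 8 | p[0]);
}

/* Setup request: order byte, pad, major(2), minor(2), name_len(2), data_len(2),
 * pad(2), then auth protocol name and auth data, each padded to 4 bytes. */
enum x11_verdict x11_check_setup(const unsigned char *buf, size_t len,
    const char *want_proto, const unsigned char *want_data, size_t want_len)
{
    size_t name_len, data_len, name_pad, i;
    unsigned char diff = 0;

    if (len < 12)
        return X11_NEED_MORE;
    if (buf[0] != 0x42 && buf[0] != 0x6c)   /* 'B' = MSB first, 'l' = LSB first */
        return X11_BAD_ORDER;
    name_len = rd16(buf + 6, buf[0] == 0x42);
    data_len = rd16(buf + 8, buf[0] == 0x42);
    name_pad = (name_len + 3) & ~(size_t)3;
    if (len < 12 + name_pad + ((data_len + 3) & ~(size_t)3))
        return X11_NEED_MORE;
    /* An X client that found no cookie sends name_len 0 and is rejected here. */
    if (name_len != strlen(want_proto) || memcmp(buf + 12, want_proto, name_len) != 0)
        return X11_DIFF_PROTO;
    if (data_len != want_len)
        return X11_BAD_DATA;
    for (i = 0; i < want_len; i++)          /* compare cookie without early exit */
        diff |= buf[12 + name_pad + i] ^ want_data[i];
    return diff ? X11_BAD_DATA : X11_OK;
}

/* Constructed sample: LSB-first setup request carrying no authorization. */
static const unsigned char no_auth[12] = { 0x6c, 0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    const unsigned char cookie[16] = { 0 };  /* placeholder cookie value */
    printf("verdict=%d\n", x11_check_setup(no_auth, sizeof no_auth,
        "MIT-MAGIC-COOKIE-1", cookie, sizeof cookie));
    return 0;
}
```

A verdict of `X11_DIFF_PROTO` for a packet with an empty protocol name points at the X client not having read the cookie file, so `DISPLAY` and `XAUTHORITY` in the remote shell are the first things to check.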


