X11 forwarding does not work as normal user

Ziying Sherwin sherwin at nlm.nih.gov
Wed May 8 00:34:47 EST 2002 

Thanks very much for the reply. When I tried to use ssh both as normal user and
super user with "-vvv" option, I found some difference between two outputs. The
outputs are appended below.

Apparently, there is no debugging information about requesting X11 forwarding
if I use ssh as a normal user and DISPLAY variable is not set either. Is there
something wrong with the code or the configuration that I used?

Thanks,

Ziying

------------------------------------------------------------------------------
Output from "ssh -vvv noble -l <normal user>" as super user

>ssh -vvv noble -l foo
[debug information]
<banner message>
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
[...]
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
foo at noble's password:
debug1: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: ssh-userauth2 successful: method password
debug3: clear hostkey 0
debug3: clear hostkey 1
debug3: clear hostkey 2
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug3: tty_make_modes: ospeed 9600
debug3: tty_make_modes: ispeed 9600
debug3: tty_make_modes: 1 3
[...]
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug2: x11_get_proto /usr/openwin/bin/xauth list :0.0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 0: x11-req
debug1: channel request 0: shell
debug1: fd 5 setting TCP_NODELAY
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Tue May  7 09:59:01 2002 from hume
Sun Microsystems Inc.   SunOS 5.8       Generic February 2000
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 49464
debug1: fd 9 setting O_NONBLOCK
debug2: fd 9 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
nob[foo]csh:51>echo $DISPLAY
localhost:10.0
nob[foo]csh:52>xauth list
noble:0  MIT-MAGIC-COOKIE-1  542e4645344831694c3164595a513559
noble/unix:0  MIT-MAGIC-COOKIE-1  542e4645344831694c3164595a513559
130.14.35.142:0  MIT-MAGIC-COOKIE-1  435433683137484e51415761444b7348
image3pc:0  MIT-MAGIC-COOKIE-1  7976416b43797453317662554133314c
[...]

Output from "ssh -vvv noble <normal user>" as normal user
hum[zs]ksh:306>ssh -vvv noble -l foo
[debug message]
<banner message>
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
[...]
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
foo at noble's password:
debug1: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: ssh-userauth2 successful: method password
debug3: clear hostkey 0
debug3: clear hostkey 1
debug3: clear hostkey 2
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug3: tty_make_modes: ospeed 9600
debug3: tty_make_modes: ispeed 9600
debug3: tty_make_modes: 1 3
[...]
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug1: channel request 0: shell
debug1: fd 6 setting TCP_NODELAY
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Mon May  6 13:48:17 2002 from noble
Sun Microsystems Inc.   SunOS 5.8       Generic February 2000
nob[foo]ksh:156>nob[zs]ksh:157>echo $DISPLAY

nob[zs]ksh:158>xauth list
hume:0  MIT-MAGIC-COOKIE-1  7a76423953564963475a397735434777
hume/unix:0  MIT-MAGIC-COOKIE-1  7a76423953564963475a397735434777
noble:0  MIT-MAGIC-COOKIE-1  386a366156644f4b5141667642516c56
noble/unix:0  MIT-MAGIC-COOKIE-1  386a366156644f4b5141667642516c56
[...]





On Mon, 6 May 2002, Kevin Steves wrote:

> On Mon, 6 May 2002, Ziying Sherwin wrote:
> :The X11 forwarding works fine if we logged as super user, but does not work
> :for normal users. What is the problem?
> 
> debugging information would help (ssh -vvv; sshd -ddd).  what happens when
> you run a client? also:
> 
> [stevesk at scott stevesk]$ echo $DISPLAY
> localhost:10.0
> [stevesk at scott stevesk]$ xauth list
> scott/unix:10  MIT-MAGIC-COOKIE-1  6b18d84bd88a222d6c78fa582cfece84
> scott/unix:11  MIT-MAGIC-COOKIE-1  5ce99b3240b88a2ab4624e80fb0cd790
> scott/unix:12  MIT-MAGIC-COOKIE-1  1b686867a502022b8fc55e263dd8db31
> 
>

More information about the openssh-unix-dev mailing list