X11 forwarding problem -- openssh-3.5p1 -- redhat 8.0 -- linux 2.4.18

Jim Prewett download at ahpcc.unm.edu
Wed Jan 22 10:10:23 EST 2003


Oh yeah, one more thing, I *can* bind to those ports using another program
(in this case nc).

# nc -l -p 6010
hello
<client telnets to port 6010 and says hello>

Jim

On Tue, 21 Jan 2003, Ladner, Eric (Eric.Ladner) wrote:

> You've checked 'iptables -L' to see if those ports are being REJECTed on
> the RH 8.0 box?
> 
> Eric
> 
> -----Original Message-----
> From: Jim Prewett [mailto:download at ahpcc.unm.edu] 
> Sent: Tuesday, January 21, 2003 4:32 PM
> To: openssh-unix-dev at mindrot.org
> Subject: X11 forwarding problem -- openssh-3.5p1 -- redhat 8.0 -- linux 2.4.18
> 
> 
> All,
> I'm working on upgrading a machine from RH 6.2 to RH 8.0.  I've
> encountered one major (for me) snag in that I cannot get X11 forwarding
> to work anymore.
> 
> I've been google-ing the error messages all morning, with no luck.
> 
> Here is debugging output from the server (client debugging output sent
> upon request... I don't feel it is relevant).  What I feel is
> interesting is at the bottom of the following text block:
> 
> # sshd -ddd -p 222
> debug1: sshd version OpenSSH_3.5p1
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 222 on 0.0.0.0.
> Server listening on 0.0.0.0 port 222.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from 129.24.246.132 port 1179
> debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 FreeBSD-20020702
> debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.5p1
> debug2: Network child is on pid 32411
> debug3: preauth child monitor started
> debug3: mm_request_receive entering
> debug3: privsep user:group 74:74
> debug1: permanently_set_uid: 74/74
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug3: mm_request_send entering: type 0
> debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
> debug3: monitor_read: checking request 0
> debug3: mm_answer_moduli: got parameters: 1024 2048 8192
> debug3: mm_request_receive_expect entering: type 1
> debug3: mm_request_receive entering
> debug3: mm_request_send entering: type 1
> debug2: monitor_read: 0 used once, disabling now
> debug3: mm_request_receive entering
> debug3: mm_choose_dh: remaining 0
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: dh_gen_key: priv key bits set: 121/256
> debug1: bits set: 1612/3191
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: bits set: 1595/3191
> debug3: mm_key_sign entering
> debug3: mm_request_send entering: type 4
> debug3: monitor_read: checking request 4
> debug3: mm_answer_sign
> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
> debug3: mm_request_receive_expect entering: type 5
> debug3: mm_request_receive entering
> debug3: mm_answer_sign: signature 0x809f278(55)
> debug3: mm_request_send entering: type 5
> debug2: monitor_read: 4 used once, disabling now
> debug3: mm_request_receive entering
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user download service ssh-connection method none
> debug1: attempt 0 failures 0
> debug3: mm_getpwnamallow entering
> debug3: mm_request_send entering: type 6
> debug3: monitor_read: checking request 6
> debug3: mm_answer_pwnamallow
> debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
> debug3: mm_request_receive_expect entering: type 7
> debug3: mm_request_receive entering
> debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
> debug3: mm_request_send entering: type 7
> debug2: monitor_read: 6 used once, disabling now
> debug3: mm_request_receive entering
> debug2: input_userauth_request: setting up authctxt for download
> debug3: mm_start_pam entering
> debug3: mm_request_send entering: type 41
> debug3: mm_inform_authserv entering
> debug3: monitor_read: checking request 41
> debug1: Starting up PAM with username "download"
> debug3: mm_request_send entering: type 3
> debug2: input_userauth_request: try method none
> debug3: mm_auth_password entering
> debug3: mm_request_send entering: type 10
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
> debug3: mm_request_receive_expect entering: type 11
> debug3: mm_request_receive entering
> debug3: Trying to reverse map address 129.24.246.132.
> debug1: PAM setting rhost to "dhcp132.ahpcc.unm.edu"
> debug2: monitor_read: 41 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 3
> debug3: mm_answer_authserv: service=ssh-connection, style=
> debug2: monitor_read: 3 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 10
> debug3: mm_answer_authpassword: sending result 0
> debug3: mm_request_send entering: type 11
> Failed none for download from 129.24.246.132 port 1179 ssh2
> debug3: mm_request_receive entering
> debug3: mm_auth_password: user not authenticated
> Failed none for download from 129.24.246.132 port 1179 ssh2
> debug1: userauth-request for user download service ssh-connection method keyboard-interactive
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=download devs=
> debug1: kbdint_alloc: devices ''
> debug2: auth2_challenge_start: devices
> Failed keyboard-interactive for download from 129.24.246.132 port 1179 ssh2
> debug1: userauth-request for user download service ssh-connection method password
> debug1: attempt 2 failures 2
> debug2: input_userauth_request: try method password
> debug3: mm_auth_password entering
> debug3: mm_request_send entering: type 10
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
> debug3: mm_request_receive_expect entering: type 11
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 10
> debug1: PAM Password authentication accepted for user "download"
> debug3: mm_answer_authpassword: sending result 1
> debug3: mm_request_send entering: type 11
> debug3: mm_auth_password: user authenticated
> Accepted password for download from 129.24.246.132 port 1179 ssh2
> debug3: mm_send_keystate: Sending new keys: 0x809e408 0x809d4b0
> debug3: mm_newkeys_to_blob: converting 0x809e408
> debug3: mm_newkeys_to_blob: converting 0x809d4b0
> debug3: mm_send_keystate: New keys have been sent
> debug3: mm_send_keystate: Sending compression state
> debug3: mm_request_send entering: type 24
> debug3: mm_send_keystate: Finished sending state
> debug2: pam_acct_mgmt() = 0
> Accepted password for download from 129.24.246.132 port 1179 ssh2
> debug1: monitor_child_preauth: download has been authenticated by privileged process
> debug3: mm_get_keystate: Waiting for new keys
> debug3: mm_request_receive_expect entering: type 24
> debug3: mm_request_receive entering
> debug3: mm_newkeys_from_blob: 0x80a97c0(118)
> debug2: mac_init: found hmac-md5
> debug3: mm_get_keystate: Waiting for second key
> debug3: mm_newkeys_from_blob: 0x80a97c0(118)
> debug2: mac_init: found hmac-md5
> debug3: mm_get_keystate: Getting compression state
> debug3: mm_get_keystate: Getting Network I/O buffers
> debug3: mm_share_sync: Share sync
> debug3: mm_share_sync: Share sync end
> debug2: User child is on pid 32412
> debug3: mm_request_receive entering
> debug1: PAM establishing creds
> debug1: permanently_set_uid: 31618/100
> debug1: newkeys: mode 0
> debug1: newkeys: mode 1
> debug1: Entering interactive session for SSH2.
> debug1: fd 7 setting O_NONBLOCK
> debug1: fd 8 setting O_NONBLOCK
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_channel_req: channel 0 request pty-req reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req pty-req
> debug1: lastlog_openseek: Couldn't open /var/log/lastlog: Permission denied
> debug1: Allocating pty.
> debug3: mm_request_send entering: type 25
> debug3: monitor_read: checking request 25
> debug3: mm_answer_pty entering
> debug1: session_new: init
> debug1: session_new: session 0
> debug3: mm_request_send entering: type 26
> debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
> debug3: mm_request_receive_expect entering: type 26
> debug3: mm_request_receive entering
> debug1: session_pty_req: session 0 alloc /dev/pts/4
> debug3: mm_answer_pty: tty /dev/pts/4 ptyfd 3
> debug3: mm_request_receive entering
> debug3: tty_parse_modes: SSH2 n_bytes 251
> debug3: tty_parse_modes: ospeed 38400
> debug3: tty_parse_modes: ispeed 38400
> debug3: tty_parse_modes: 1 3
> debug3: tty_parse_modes: 2 28
> debug3: tty_parse_modes: 3 8
> debug3: tty_parse_modes: 4 21
> debug3: tty_parse_modes: 5 4
> debug3: tty_parse_modes: 6 255
> debug3: tty_parse_modes: 7 255
> debug3: tty_parse_modes: 8 17
> debug3: tty_parse_modes: 9 19
> debug3: tty_parse_modes: 10 26
> debug1: Ignoring unsupported tty mode opcode 11 (0xb)
> debug3: tty_parse_modes: 12 18
> debug3: tty_parse_modes: 13 23
> debug3: tty_parse_modes: 14 22
> debug1: Ignoring unsupported tty mode opcode 17 (0x11)
> debug3: tty_parse_modes: 18 15
> debug3: tty_parse_modes: 30 0
> debug3: tty_parse_modes: 31 0
> debug3: tty_parse_modes: 32 0
> debug3: tty_parse_modes: 33 0
> debug3: tty_parse_modes: 34 0
> debug3: tty_parse_modes: 35 0
> debug3: tty_parse_modes: 36 1
> debug3: tty_parse_modes: 38 1
> debug3: tty_parse_modes: 39 1
> debug3: tty_parse_modes: 40 0
> debug3: tty_parse_modes: 41 1
> debug3: tty_parse_modes: 50 1
> debug3: tty_parse_modes: 51 1
> debug3: tty_parse_modes: 53 1
> debug3: tty_parse_modes: 54 1
> debug3: tty_parse_modes: 55 1
> debug3: tty_parse_modes: 56 0
> debug3: tty_parse_modes: 57 0
> debug3: tty_parse_modes: 58 0
> debug3: tty_parse_modes: 59 1
> debug3: tty_parse_modes: 60 1
> debug3: tty_parse_modes: 61 1
> debug3: tty_parse_modes: 62 1
> debug3: tty_parse_modes: 70 1
> debug3: tty_parse_modes: 72 1
> debug3: tty_parse_modes: 73 0
> debug3: tty_parse_modes: 74 0
> debug3: tty_parse_modes: 75 0
> debug3: tty_parse_modes: 90 1
> debug3: tty_parse_modes: 91 1
> debug3: tty_parse_modes: 92 0
> debug3: tty_parse_modes: 93 0
> debug1: server_input_channel_req: channel 0 request x11-req reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req x11-req
> debug1: bind port 6010: Cannot assign requested address
> debug1: bind port 6011: Cannot assign requested address
> 
> <snip -- more failed attempts to bind a port.  It does try all of them
> from 6010 to 6999.>
> 
> debug1: bind port 6998: Cannot assign requested address
> debug1: bind port 6999: Cannot assign requested address
> Failed to allocate internet-domain X11 display socket.
> debug1: x11_create_display_inet failed.
> debug1: server_input_channel_req: channel 0 request shell reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req shell
> debug1: PAM setting tty to "/dev/pts/4"
> debug1: PAM establishing creds
> debug1: fd 4 setting TCP_NODELAY
> debug1: channel 0: rfd 10 isatty
> debug1: fd 10 setting O_NONBLOCK
> debug2: fd 9 is O_NONBLOCK
> debug1: Setting controlling tty using TIOCSCTTY.
> 
> My configuration (defaults and blanks stripped):
> # awk '!/^$|^#/ {print}' /etc/ssh/sshd_config
> HostKey /etc/ssh/ssh_host_key
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> SyslogFacility AUTHPRIV
> X11Forwarding yes
> X11DisplayOffset 10
> UsePrivilegeSeparation yes
> Subsystem   sftp /usr/libexec/openssh/sftp-server
> 
> 
> This is built from a source rpm from redhat
> (http://ftp.redhat.com/pub/redhat/linux/rawhide/SRPMS/SRPMS/openssh-3.5p1-3.src.rpm)
> 
> I modified the openssh.spec file slightly:
> # diff -u openssh.spec openssh.spec.orig 
> --- openssh.spec 2003-01-21 11:31:15.000000000 -0700
> +++ openssh.spec.orig   2003-01-21 11:30:34.000000000 -0700
> @@ -9,7 +9,7 @@
>  %define no_x11_askpass 0
>  
>  # Do we want to disable building of gnome-askpass? (1=yes 0=no)
> -%define no_gnome_askpass 1
> +%define no_gnome_askpass 0
>  
>  # Do we want to link against a static libcrypto? (1=yes 0=no)  %define
> static_libcrypto 0 @@ -24,10 +24,10 @@  %define build6x 0
>  
>  # Disable IPv6 (avoids DNS hangs on some glibc versions) -%define noip6
> 1
> +%define noip6 0
>  
>  # Do we want kerberos5 support (1=yes 0=no)
> -%define kerberos5 0
> +%define kerberos5 1
>  
>  # Whether or not /sbin/nologin exists.
>  %define nologin 1
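
Review bot: the file headers have the arguments reversed: "--- openssh.spec" (11:31:15) is the edited spec and "+++ openssh.spec.orig" (11:30:34) is the pristine one, so the "-" lines are the values that were actually built (no_gnome_askpass 1, noip6 1, kerberos5 0). Regenerate with "diff -u openssh.spec.orig openssh.spec" so readers do not take the "+" lines as the local change. The noip6 line in the second hunk is the one that bears on the IPv6 question below, so say explicitly that this build has IPv6 disabled.
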
> 
> 
> Also, I saw some stuff in the archives about IPV6 causing some problems.
> I'm not using IPV6:
> grep IPV6 /usr/src/linux/.config
> # CONFIG_IPV6 is not set
> 
> I've also tried passing -4 to both the client and the server to ensure
> they don't get confused about v4 vs. v6.
> 
> Please let me know if additional information would be helpful.  I'll be
> more than happy to provide it.
> 
> Any help would be greatly appreciated,
> Jim
> 
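
Added example, not part of the original thread and not OpenSSH code: "nc -l -p 6010" binds the wildcard address, so it cannot reproduce "Cannot assign requested address" (EADDRNOTAVAIL), which bind() returns only for a specific address the host does not own. The sketch below tries the same port on the wildcard and on every address a name resolves to; that sshd bound a specific address here is an assumption the log does not confirm, and the function names and the 192.0.2.1 documentation address are constructed for illustration.

```python
import errno
import socket


def try_bind(family, sockaddr):
    """Create a TCP socket and bind it; return "ok" or the errno name."""
    sock = None
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.bind(sockaddr)
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        if sock is not None:
            sock.close()


def bind_report(host, port=0):
    """Resolve host and try to bind each resulting address.

    host=None asks for the wildcard addresses, which is what a plain
    "nc -l -p PORT" listens on. Returns {address: "ok" | errno name}.
    """
    flags = socket.AI_PASSIVE if host is None else 0
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC,
                                   socket.SOCK_STREAM, 0, flags)
    except socket.gaierror as exc:
        return {str(host): "resolve failed: %s" % exc}
    report = {}
    for family, _type, _proto, _canon, sockaddr in infos:
        report[sockaddr[0]] = try_bind(family, sockaddr)
    return report


if __name__ == "__main__":
    # 6010 is the first display port sshd tried in the log above.
    # "192.0.2.1" is a constructed non-local address (documentation range).
    for target in (None, "localhost", "192.0.2.1"):
        for addr, result in bind_report(target, 6010).items():
            print("%-10s %-15s %s" % (target, addr, result))
```

A wildcard row reading ok next to EADDRNOTAVAIL for a loopback address points at name resolution or interface state on the server, not at a packet filter or a port already in use.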



