Still no joy: no X11 protocols

Bruce Korb bruce.korb at gmail.com
Sat Jul 26 10:08:50 EST 2008 

Hello,

I know this is likely to give me a brute force attack hit,
but the only thing anyone can accomplish by ssh-ing to my machine
is to provide me with a tunnel into your machine.  So don't bother.

Anyway, my server machine is running this:

/usr/bin/ssh -X -R ${port}:localhost:22 -o BatchMode=yes \
  -o StrictHostKeyChecking=no ${user}@${my_home_machine}

On my local machine:

ssh -vvv -X -p ${port} localhost

Attached is the output, below is the X11 stuff.  What's wrong?
Thank you in advance.  Regards, Bruce

====

Here is the typical symptom, running X app on the server through the tunnel:
> X Error of failed request:  BadDrawable (invalid Pixmap or Window parameter)
>   Major opcode of failed request:  55 (X_CreateGC)
>   Resource id in failed request:  0x1a6
>   Serial number of failed request:  1
>   Current serial number in output stream:  4
or something similar.

Here is a new symptom ($DISPLAY is not set):
 > xterm -T "S043-1 via telnet bignts17 5010" -e telnet bignts17 5010
 > xterm Xt error: Can't open display:

And the config files, first from the server (work) machine:

> # for f in /etc/ssh/ssh*_config;do echo $f;egrep -v $'^[ \t]*(#|$)' $f ;done

> /etc/ssh/ssh_config
> Host *
> ForwardX11 no
> ForwardX11Trusted yes
>     Protocol 2
> SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> SendEnv LC_IDENTIFICATION LC_ALL

> /etc/ssh/sshd_config
> Protocol 2
> PasswordAuthentication no
> UsePAM yes
> X11Forwarding yes
> Subsystem       sftp    /usr/lib64/ssh/sftp-server
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL

And then from home:

> /etc/ssh/ssh_config
> Host *
> ForwardX11Trusted yes
>     Protocol 2
> SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> SendEnv LC_IDENTIFICATION LC_ALL

> /etc/ssh/sshd_config
> Protocol 2
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> TCPKeepAlive yes
> ClientAliveInterval 30
> ClientAliveCountMax 99999
> PasswordAuthentication no
> ChallengeResponseAuthentication no
> UsePAM no
> X11Forwarding yes
> AllowUsers ${user}
> Subsystem       sftp    /usr/lib64/ssh/sftp-server
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL

And finally the debug output:

debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-ZCkLTd4136/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-ZCkLTd4136/xauthfile list :0.0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
debug2: client_session2_setup: id 0
....
debug1: client_input_channel_open: ctype x11 rchan 2 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 55024
debug2: fd 9 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: channel 1: rcvd eof
....
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
   #0 client-session (t4 r0 i0/0 o0/0 fd 6/7 cfd -1)
   #1 x11 (t4 r2 i3/0 o3/0 fd 9/9 cfd -1)

debug3: channel 1: close_fds r 9 w 9 e -1 c -1
debug1: client_input_channel_open: ctype x11 rchan 2 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 55025
debug2: fd 9 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
.....
debug3: channel 1: will not send data after close
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 55026
debug2: fd 10 setting O_NONBLOCK
debug3: fd 10 is O_NONBLOCK
debug1: channel 2: new [x11]
debug1: confirm x11
....
debug1: channel 1: free: x11, nchannels 3
debug3: channel 1: status: The following connections are open:
   #0 client-session (t4 r0 i0/0 o0/0 fd 6/7 cfd -1)
   #1 x11 (t4 r2 i3/0 o3/0 fd 9/9 cfd -1)
   #2 x11 (t7 r3 i0/0 o0/0 fd 10/10 cfd -1)
....
debug1: channel 2: free: x11, nchannels 2
debug3: channel 2: status: The following connections are open:
   #0 client-session (t4 r0 i0/0 o0/0 fd 6/7 cfd -1)
   #2 x11 (t4 r3 i3/0 o3/0 fd 10/10 cfd -1)
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ssh-connect.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080725/f998c15a/attachment.txt

More information about the openssh-unix-dev mailing list