5.1p1 and X11 forwarding failing

Jeff Blaine jblaine at kickflop.net
Thu Feb 5 08:46:41 EST 2009 

===================================================================

OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Connecting to sshserver.our.com [XX.YY.10.1] port 3333.
debug1: Connection established.
debug1: identity file /cygdrive/c/Documents and 
Settings/jblaine/.ssh/identity type -1
debug1: identity file /cygdrive/c/Documents and 
Settings/jblaine/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/Documents and 
Settings/jblaine/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: Host 'sshserver.our.com' is known and matches the RSA host key.
debug1: Found key in /cygdrive/c/Documents and 
Settings/jblaine/.ssh/known_hosts:2
debug1: found matching key w/out port
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow at openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to sshserver.our.com closed.
Transferred: sent 1904, received 5912 bytes, in 24.6 seconds
Bytes per second: sent 77.5, received 240.7
debug1: Exit status 0

===================================================================

debug1: sshd version OpenSSH_5.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/testing/openssh-5.1p1/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='3333'
debug1: rexec_argv[3]='-d'
debug1: Bind to port 3333 on ::.
Server listening on :: port 3333.
debug1: Bind to port 3333 on 0.0.0.0.
Server listening on 0.0.0.0 port 3333.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: inetd sockets after dupping: 4, 4
Connection from AA.BB.6.43 port 4872
debug1: Client protocol version 2.0; client software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: permanently_set_uid: 27/65000
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user jblaine service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "jblaine"
debug1: PAM: setting PAM_RHOST to "AA.BB.6.43"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user jblaine service ssh-connection method 
keyboard-interactive
debug1: attempt 1 failures 0
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=jblaine devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
Postponed keyboard-interactive for jblaine from AA.BB.6.43 port 4872 ssh2
Postponed keyboard-interactive/pam for jblaine from AA.BB.6.43 port 4872 
ssh2
debug1: do_pam_account: called
debug1: PAM: num PAM env strings 1
Postponed keyboard-interactive/pam for jblaine from AA.BB.6.43 port 4872 
ssh2
debug1: do_pam_account: called
Accepted keyboard-interactive/pam for jblaine from AA.BB.6.43 port 4872 ssh2
debug1: monitor_child_preauth: jblaine has been authenticated by 
privileged process
debug1: PAM: establishing credentials
User child is on pid 27888
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 26560/10
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 
16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions at openssh.com 
want_reply 0
debug1: server_input_channel_req: channel 0 request x11-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
Failed to allocate internet-domain X11 display socket.
debug1: x11_create_display_inet failed.
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/26
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 29309
debug1: session_exit_message: session 0 channel 0 pid 29309
debug1: session_exit_message: release channel 0
debug1: session_by_tty: session 0 tty /dev/pts/26
debug1: session_pty_cleanup: session 0 release /dev/pts/26
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close: session 0 pid 0
debug1: channel 0: free: server-session, nchannels 1
Connection closed by AA.BB.6.43
debug1: do_cleanup
Transferred: sent 5912, received 1904 bytes
Closing connection to AA.BB.6.43 port 4872
debug1: PAM: cleanup
debug1: PAM: deleting credentials
debug1: PAM: closing session


Damien Miller wrote:
> On Wed, 4 Feb 2009, Jeff Blaine wrote:
> 
>> I'm really scratching my head on this one.  The server
>> is running OpenSSH 5.1p1 on Solaris 9.  The authentication
>> is via PAM if that matters.
>>
>> # grep X11 sshd_config | sed '/^#/D'
>> X11Forwarding yes
>> X11DisplayOffset 10
>> X11UseLocalhost yes
>> #
>>
>> Now I attach to my 'master' sshd and follow all children
>> to look for any evidence of "DISPLAY":
>>
>> # truss -f -a -e -p 14923 2>&1 | grep DISPLAY
>>
>> I then fire up ssh -X from a client machine, login, and
>> truss reports nothing.
> 
> truss is a really poor tool to diagnose ssh problems. Please post
> ssh and sshd debug traces.
> 
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

More information about the openssh-unix-dev mailing list