5.1p1 and X11 forwarding failing
Damien Miller
djm at mindrot.org
Thu Feb 5 09:49:55 EST 2009
On Wed, 4 Feb 2009, Jeff Blaine wrote:
> debug1: session_input_channel_req: session 0 req x11-req
> debug2: bind port 6010: Cannot assign requested address
> debug2: bind port 6011: Cannot assign requested address
> debug2: bind port 6012: Cannot assign requested address
> debug2: bind port 6013: Cannot assign requested address
> debug2: bind port 6014: Cannot assign requested address
> debug2: bind port 6015: Cannot assign requested address
> [ and so forth... ]
You must be on one of those broken platforms whose getaddrinfo()
returns instructions to listen on both IPv4 and IPv6 addresses but
refuses to allow us to actually bind() to one of these addresses,
usually IPv6.
We don't have any good solution for this at the moment that
doesn't reintroduce CVE-2008-1483*, but if you are not using IPv6 then
you can workaround the problem by telling OpenSSH not to try to
use it by adding "AddressFamily INET" to your sshd_config.
I'd also suggest bugging your system vendor - getaddrinfo() with
hints->ai_flags containing AI_PASSIVE should return a *usable* list
of addresses to bind. OpenSSH's breakage here is caused by the system
returning addresses that cannot be bound.
-d
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
More information about the openssh-unix-dev
mailing list