[Bug 176] New: OpenSSH_3.1p1 gives X_ShmAttach error on forwarded X11 channel

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Mar 20 23:18:33 EST 2002


           Summary: OpenSSH_3.1p1 gives X_ShmAttach error on forwarded X11
           Product: Portable OpenSSH
           Version: 3.1p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: Luca.Bonomi at fysik.dtu.dk

Dear OpenSSH developers,

We upgraded OpenSSH from 2.9 to 3.1p1 due to the recent security hole.
Unfortunately, this upgrade creates a problem for a visualization
tool that does X11 graphics over an SSH channel.

The visualization code is the rasmol_16BIT code available from
The rasmol_16BIT code has NO problems in case:
 1) the remote OpenSSH server is running OpenSSH_2.9p2.
 2) the X11 is forwarded directly in stead of via an SSH channel.
You should be able to reproduce the error by downloading the
rasmol code and trying it out.
Rasmol is the only failing application we've found so far.

Note that the option "X11UseLocalhost no" would fix the problem, but if I manually set

	DISPLAY=`echo $DISPLAY | sed s/localhost/somehostname/`

then Rasmol (and any other application too!) would not find a display at all.

I enclose below a debug-listing which hopefully may point to the
origin of the error (I have no understanding of the underlying 
mechanisms).  Both the client and server systems are running Redhat 7.2,
and have the openssh-3.1p1-2 RPM installed with default X11 configuration, but 
running "ssh protocol 1".

# ssh -v mott
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: restore_uid
debug1: ssh_connect: getuid 258 geteuid 0 anon 0
debug1: Connecting to mott [] port 22.
debug1: Allocated local port 1009.
debug1: temporarily_use_uid: 258/250 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/camp/ohnielse/.ssh/identity type -1
debug1: identity file /home/camp/ohnielse/.ssh/id_rsa type -1
debug1: identity file /home/camp/ohnielse/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.1p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'mott' is known and matches the RSA1 host key.
debug1: Found key in /home/camp/ohnielse/.ssh/known_hosts:28
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying rhosts authentication.
debug1: Remote: Accepted for tycho.fysik.dtu.dk [] by /etc/hosts.equiv.
debug1: Requesting pty.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Tue Mar 19 15:19:13 2002 from tycho.fysik.dtu.dk
[ohnielse at mott ~]$ ./rasmol_16BIT debug1: Received X11 open request.
debug1: fd 4 setting TCP_NODELAY
debug1: fd 4 setting O_NONBLOCK
debug1: channel 0: new [X11 connection from port 38256]

RasMol Molecular Renderer
Roger Sayle, August 1995
Copyright (C) Roger Sayle 1992-1999
Version January 2001
Copyright (C) Herbert J. Bernstein 1998-2001
*** See "help notice" for further notices ***
[16-bit version]

debug1: channel 0: rcvd ieof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: send oclose
debug1: channel 0: output drain -> closed
debug1: channel 0: FORCE input drain
debug1: channel 0: ibuf empty
debug1: channel 0: send ieof
debug1: channel 0: input drain -> wait_oclose
X Error of failed request:  BadAccess (attempt to access private resource denied)
  Major opcode of failed request:  147 (MIT-SHM)
  Minor opcode of failed request:  1 (X_ShmAttach)
  Serial number of failed request:  215
  Current serial number in output stream:  216
debug1: channel 0: rcvd oclose
debug1: channel 0: input wait_oclose -> closed
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: X11 connection from port 38256, 
nchannels 1

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list