Bug#1069236: openssh-server: X over ssh fails with "cannot open display"

2024-04-23 Thread allan 
I'm not using a hostname with ssh, I'm sshing directly to an IPv4 address.

*How* was it disabled?  net.ipv6.conf.all.disable_ipv6 = 1 in /etc/sysctl.conf

My point is that "AddressFamily any" should not fail to set $DISPLAY
if IPv6 is not available.

On Tue, Apr 23, 2024 at 5:38 AM Jonathan Dowland  wrote:
>
> On Thu, Apr 18, 2024 at 06:33:00AM -0500, allan wrote:
> > Resolved the issue by editing /etc/ssh/sshd_config and changing
> > #AddressFamily any
> > to
> > AddressFamily inet
>
> This is not a reasonable change to make to the default configuration,
> because it would mean that ssh did not work out of the box in IPv6
> environments.
>
> On Thu, Apr 18, 2024 at 07:53:52AM -0500, allan wrote:
> > More info - IPv6 is disabled on all four machines.  I think
> > "AddressFamily any" should have supported an IPv4 connection.
>
> *How* is it disabled? More information will be needed to figure out
> exactly what's gone on in your environment.
>
> I speculate that the hostnames you were trying to connect to were
> resolving as IPv6 addresses, and the connection failing because the
> hosts are rejecting IPv6 traffic. If that's right, the ultimate fix
> is to correct whatever name resolution is giving you the wrong
> addresses in your environment.
>
> If you are prepared to experiment, we might be able to drill down and
> check that. If so, can you
>
> 1) reverse the sshd_config change you made on at least one of the
>hosts, and restart that sshd
>
> 2) assuming the troublesome host is named "myhost" in your environment
>(substitute as appropriate), from your client machine, report the
>result of running
>
> getent hosts myhost
> dig +short myhost
> nslookup myhost
> ping -c 1 myhost
>
> (one or more of these commands may not exist on your machine)
>
> 2) re-attempt to connect from your client, this time passing -vv or
>-vvv, and capture the logging output

Bug#1069236:

2024-04-18 Thread allan 
More info - IPv6 is disabled on all four machines.  I think
"AddressFamily any" should have supported an IPv4 connection.

Bug#1069236: openssh-server: X over ssh fails with "cannot open display"

2024-04-18 Thread allan 
Package: openssh-server
Version: 1:9.7p1-4
Severity: important
X-Debbugs-Cc: wizard10...@gmail.com

On four Sid machines here X over ssh fails with "cannot open display".

Resolved the issue by editing /etc/ssh/sshd_config and changing

#AddressFamily any

to

AddressFamily inet

and restarting sshd.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser3.137
ii  debconf [debconf-2.0]  1.5.86
ii  init-system-helpers1.66
ii  libaudit1  1:3.1.2-2.1
ii  libc6  2.37-17
ii  libcom-err21.47.0-2.4
ii  libcrypt1  1:4.4.36-4
ii  libgssapi-krb5-2   1.20.1-6+b1
ii  libkrb5-3  1.20.1-6+b1
ii  libpam-modules 1.5.3-7
ii  libpam-runtime 1.5.3-7
ii  libpam0g   1.5.3-7
ii  libselinux13.5-2+b2
ii  libssl3t64 3.2.1-3
ii  libwrap0   7.6.q-33
ii  openssh-client 1:9.7p1-4
ii  openssh-sftp-server1:9.7p1-4
ii  procps 2:4.0.4-4
ii  runit-helper   2.16.2
ii  sysvinit-utils [lsb-base]  3.09-1
ii  ucf3.0043+nmu1
ii  zlib1g 1:1.3.dfsg-3.1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  255.4-1+b1
ii  ncurses-term 6.4+20240414-1
ii  xauth1:1.1.2-1

Versions of packages openssh-server suggests:
pn  molly-guard   
pn  monkeysphere  
ii  ssh-askpass   1:1.2.4.1-16+b1
pn  ufw   

-- debconf information excluded