Bug#1069236: openssh-server: X over ssh fails with "cannot open display"
I'm not using a hostname with ssh, I'm sshing directly to an IPv4 address. *How* was it disabled? net.ipv6.conf.all.disable_ipv6 = 1 in /etc/sysctl.conf My point is that "AddressFamily any" should not fail to set $DISPLAY if IPv6 is not available. On Tue, Apr 23, 2024 at 5:38 AM Jonathan Dowland wrote: > > On Thu, Apr 18, 2024 at 06:33:00AM -0500, allan wrote: > > Resolved the issue by editing /etc/ssh/sshd_config and changing > > #AddressFamily any > > to > > AddressFamily inet > > This is not a reasonable change to make to the default configuration, > because it would mean that ssh did not work out of the box in IPv6 > environments. > > On Thu, Apr 18, 2024 at 07:53:52AM -0500, allan wrote: > > More info - IPv6 is disabled on all four machines. I think > > "AddressFamily any" should have supported an IPv4 connection. > > *How* is it disabled? More information will be needed to figure out > exactly what's gone on in your environment. > > I speculate that the hostnames you were trying to connect to were > resolving as IPv6 addresses, and the connection failing because the > hosts are rejecting IPv6 traffic. If that's right, the ultimate fix > is to correct whatever name resolution is giving you the wrong > addresses in your environment. > > If you are prepared to experiment, we might be able to drill down and > check that. If so, can you > > 1) reverse the sshd_config change you made on at least one of the >hosts, and restart that sshd > > 2) assuming the troublesome host is named "myhost" in your environment >(substitute as appropriate), from your client machine, report the >result of running > > getent hosts myhost > dig +short myhost > nslookup myhost > ping -c 1 myhost > > (one or more of these commands may not exist on your machine) > > 2) re-attempt to connect from your client, this time passing -vv or >-vvv, and capture the logging output
Bug#1069236: openssh-server: X over ssh fails with "cannot open display"
On Thu, Apr 18, 2024 at 06:33:00AM -0500, allan wrote: > Resolved the issue by editing /etc/ssh/sshd_config and changing > #AddressFamily any > to > AddressFamily inet This is not a reasonable change to make to the default configuration, because it would mean that ssh did not work out of the box in IPv6 environments. On Thu, Apr 18, 2024 at 07:53:52AM -0500, allan wrote: > More info - IPv6 is disabled on all four machines. I think > "AddressFamily any" should have supported an IPv4 connection. *How* is it disabled? More information will be needed to figure out exactly what's gone on in your environment. I speculate that the hostnames you were trying to connect to were resolving as IPv6 addresses, and the connection failing because the hosts are rejecting IPv6 traffic. If that's right, the ultimate fix is to correct whatever name resolution is giving you the wrong addresses in your environment. If you are prepared to experiment, we might be able to drill down and check that. If so, can you 1) reverse the sshd_config change you made on at least one of the hosts, and restart that sshd 2) assuming the troublesome host is named "myhost" in your environment (substitute as appropriate), from your client machine, report the result of running getent hosts myhost dig +short myhost nslookup myhost ping -c 1 myhost (one or more of these commands may not exist on your machine) 2) re-attempt to connect from your client, this time passing -vv or -vvv, and capture the logging output
Bug#1069236: openssh-server: X over ssh fails with "cannot open display"
Package: openssh-server Version: 1:9.7p1-4 Severity: important X-Debbugs-Cc: wizard10...@gmail.com On four Sid machines here X over ssh fails with "cannot open display". Resolved the issue by editing /etc/ssh/sshd_config and changing #AddressFamily any to AddressFamily inet and restarting sshd. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 6.7.9-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-server depends on: ii adduser3.137 ii debconf [debconf-2.0] 1.5.86 ii init-system-helpers1.66 ii libaudit1 1:3.1.2-2.1 ii libc6 2.37-17 ii libcom-err21.47.0-2.4 ii libcrypt1 1:4.4.36-4 ii libgssapi-krb5-2 1.20.1-6+b1 ii libkrb5-3 1.20.1-6+b1 ii libpam-modules 1.5.3-7 ii libpam-runtime 1.5.3-7 ii libpam0g 1.5.3-7 ii libselinux13.5-2+b2 ii libssl3t64 3.2.1-3 ii libwrap0 7.6.q-33 ii openssh-client 1:9.7p1-4 ii openssh-sftp-server1:9.7p1-4 ii procps 2:4.0.4-4 ii runit-helper 2.16.2 ii sysvinit-utils [lsb-base] 3.09-1 ii ucf3.0043+nmu1 ii zlib1g 1:1.3.dfsg-3.1 Versions of packages openssh-server recommends: ii libpam-systemd [logind] 255.4-1+b1 ii ncurses-term 6.4+20240414-1 ii xauth1:1.1.2-1 Versions of packages openssh-server suggests: pn molly-guard pn monkeysphere ii ssh-askpass 1:1.2.4.1-16+b1 pn ufw -- debconf information excluded