Package: openssh-server Version: 1:5.1p1-5 Severity: normal
X11 forwarding from my openssh server has been working fine for years. Now suddenly, it doesn't any more. See the session log below. I'm not sure what else to report, except that I see a recent, almost identical report at http://www.usenet-forums.com/openssh-development/411642-openssh_5-1-untrusted-x11-forwarding-ssh-x-no-longer-works.html . Thanks, Andrew. $ ssh -vY helium emacs OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /home/andrex/.ssh/config debug1: Applying options for helium debug1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 5200-glenwood.net [68.55.218.17] port 22. debug1: Connection established. debug1: identity file /home/andrex/.ssh/identity type -1 debug1: identity file /home/andrex/.ssh/id_rsa type -1 debug1: identity file /home/andrex/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5 debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 [email protected] debug1: kex: client->server aes128-cbc hmac-md5 [email protected] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '5200-glenwood.net' is known and matches the RSA host key. debug1: Found key in /home/andrex/.ssh/known_hosts:9 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering public key: Public Key debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: Enabling compression at level 6. debug1: Authentication succeeded (publickey). debug1: Local connections to LOCALHOST:1080 forwarded to remote address socks:0 debug1: Local forwarding listening on 127.0.0.1 port 1080. bind: Address already in use debug1: Local forwarding listening on ::1 port 1080. bind: Address already in use channel_setup_fwd_listener: cannot listen to port: 1080 debug1: Local connections to LOCALHOST:14301 forwarded to remote address localhost:143 debug1: Local forwarding listening on 127.0.0.1 port 14301. bind: Address already in use debug1: Local forwarding listening on ::1 port 14301. bind: Address already in use channel_setup_fwd_listener: cannot listen to port: 14301 debug1: Local connections to LOCALHOST:2501 forwarded to remote address localhost:25 debug1: Local forwarding listening on 127.0.0.1 port 2501. bind: Address already in use debug1: Local forwarding listening on ::1 port 2501. bind: Address already in use channel_setup_fwd_listener: cannot listen to port: 2501 Could not request local forwarding. debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: No xauth program. Warning: No xauth data; using fake authentication data for X11 forwarding. debug1: Requesting X11 forwarding with authentication spoofing. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug1: Sending command: emacs debug1: client_input_channel_open: ctype x11 rchan 2 win 65536 max 16384 debug1: client_request_x11: request from 127.0.0.1 50658 debug1: channel 1: new [x11] debug1: confirm x11 Invalid MIT-MAGIC-COOKIE-1 key Gtkdebug1: channel 1: free: x11, nchannels 2 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0 -WARNING **: cannot open display: localhost:11.0 debug1: channel 0: free: client-session, nchannels 1 Transferred: sent 2400, received 2560 bytes, in 0.2 seconds Bytes per second: sent 12342.2, received 13165.0 debug1: Exit status 1 debug1: compress outgoing: raw data 278, compressed 229, factor 0.82 debug1: compress incoming: raw data 369, compressed 273, factor 0.74 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (300, 'unstable'), (200, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-server depends on: ii adduser 3.110 add and remove users and groups ii debconf [debconf-2.0 1.5.26 Debian configuration management sy ii dpkg 1.14.25 Debian package management system ii libc6 2.9-4 GNU C Library: Shared libraries ii libcomerr2 1.41.3-1 common error description library ii libkrb53 1.6.dfsg.4~beta1-11 Transitional library package/krb4 ii libpam-modules 1.0.1-7 Pluggable Authentication Modules f ii libpam-runtime 1.0.1-7 Runtime support for the PAM librar ii libpam0g 1.0.1-7 Pluggable Authentication Modules l ii libselinux1 2.0.65-5 SELinux shared libraries ii libssl0.9.8 0.9.8g-15 SSL shared libraries ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS ii openssh-client 1:5.1p1-5 secure shell client, an rlogin/rsh ii procps 1:3.2.7-11 /proc file system utilities ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-server recommends: ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op ii xauth 1:1.0.3-2 X authentication utility Versions of packages openssh-server suggests: pn molly-guard <none> (no description available) pn rssh <none> (no description available) pn ssh-askpass <none> (no description available) -- debconf information: ssh/insecure_rshd: ssh/vulnerable_host_keys: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true * ssh/disable_cr_auth: true ssh/encrypted_host_key_but_no_keygen: -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
