Hi SSH-fans,
I've got a strange problem forwarding X to a crowded server. Both systems are
Ubuntu Xenial based, OpenSSH version is 7.2p1. I think, it's a Linux specific
bug in sshd.
When connecting with "ssh -X", sshd tries to find a usable TCP port starting at
6000+X11DisplayOffset. After it _seems to have_ found one (which means bind()
no longer fails with EADDRINUSE), it tries to listen() which fails with
EADDRINUSE on two of my servers.
Instead of handling this by trying the next port, sshd gives up and X
forwarding fails (although the SSH-connection is established). According to
"man 2 listen" listen() failing after successfully bind()ing is a valid
exception in Linux.
The problem seems to be located in channels.c in x11_create_display_inet(). The
loop looking for free ports only tests, if bind() succeeds. After the loop,
listen() is called, an error is printed ("listen: Address already in use") and
x11_create_display_inet() exits unsuccessfully.
I tried to report it to <openssh-unix-...@mindrot.org> but I'm not a member and
didn't find a way to become one. Sending it to <open...@openssh.com> is most
likely not a good idea since <https://man.openbsd.org/listen.2> shows that
EADDRINUSE is not an expected error in OpenBSD's listen() call.
Is it possible to fix this with a patch in the debian package? I'd gladly
provide the patch but I'm not a C developer and sshd is most likely a risky
thing to touch without experience.
Best regards,
Frank Burkhardt
