Jim Prewett
2003-Jan-21 22:31 UTC
X11 forwarding problem -- openssh-3.5p1 -- redhat 8.0 -- linux 2.4.18
All, I'm working on upgrading a machine from RH 6.2 to RH 8.0. I've encountered one major (for me) snag in that I cannot get X11 forwarding to work anymore. I've been google-ing the error messages all morning, with no luck. Here is debugging output from the server (client debugging output sent upon request... I don't feel it is relevant). What I feel is interesting is at the bottom of the following text block: # sshd -ddd -p 222 debug1: sshd version OpenSSH_3.5p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: Bind to port 222 on 0.0.0.0. Server listening on 0.0.0.0 port 222. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from 129.24.246.132 port 1179 debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 FreeBSD-20020702 debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_3.5p1 debug2: Network child is on pid 32411 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: privsep user:group 74:74 debug1: permanently_set_uid: 74/74 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss,ssh-rsa debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 2048 8192 debug3: mm_request_receive_expect entering: type 1 debug3: mm_request_receive entering debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 121/256 debug1: bits set: 1612/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1595/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: mm_answer_sign: signature 0x809f278(55) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user download service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 6 debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for download debug3: mm_start_pam entering debug3: mm_request_send entering: type 41 debug3: mm_inform_authserv entering debug3: monitor_read: checking request 41 debug1: Starting up PAM with username "download" debug3: mm_request_send entering: type 3 debug2: input_userauth_request: try method none debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug3: Trying to reverse map address 129.24.246.132. debug1: PAM setting rhost to "dhcp132.ahpcc.unm.edu" debug2: monitor_read: 41 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, styledebug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug3: mm_answer_authpassword: sending result 0 debug3: mm_request_send entering: type 11 Failed none for download from 129.24.246.132 port 1179 ssh2 debug3: mm_request_receive entering debug3: mm_auth_password: user not authenticated Failed none for download from 129.24.246.132 port 1179 ssh2 debug1: userauth-request for user download service ssh-connection method keyboard-interactive debug1: attempt 1 failures 1 debug2: input_userauth_request: try method keyboard-interactive debug1: keyboard-interactive devs debug1: auth2_challenge: user=download devsdebug1: kbdint_alloc: devices '' debug2: auth2_challenge_start: devices Failed keyboard-interactive for download from 129.24.246.132 port 1179 ssh2 debug1: userauth-request for user download service ssh-connection method password debug1: attempt 2 failures 2 debug2: input_userauth_request: try method password debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug1: PAM Password authentication accepted for user "download" debug3: mm_answer_authpassword: sending result 1 debug3: mm_request_send entering: type 11 debug3: mm_auth_password: user authenticated Accepted password for download from 129.24.246.132 port 1179 ssh2 debug3: mm_send_keystate: Sending new keys: 0x809e408 0x809d4b0 debug3: mm_newkeys_to_blob: converting 0x809e408 debug3: mm_newkeys_to_blob: converting 0x809d4b0 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 24 debug3: mm_send_keystate: Finished sending state debug2: pam_acct_mgmt() = 0 Accepted password for download from 129.24.246.132 port 1179 ssh2 debug1: monitor_child_preauth: download has been authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 24 debug3: mm_request_receive entering debug3: mm_newkeys_from_blob: 0x80a97c0(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 0x80a97c0(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug2: User child is on pid 32412 debug3: mm_request_receive entering debug1: PAM establishing creds debug1: permanently_set_uid: 31618/100 debug1: newkeys: mode 0 debug1: newkeys: mode 1 debug1: Entering interactive session for SSH2. debug1: fd 7 setting O_NONBLOCK debug1: fd 8 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: lastlog_openseek: Couldn't open /var/log/lastlog: Permission denied debug1: Allocating pty. debug3: mm_request_send entering: type 25 debug3: monitor_read: checking request 25 debug3: mm_answer_pty entering debug1: session_new: init debug1: session_new: session 0 debug3: mm_request_send entering: type 26 debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY debug3: mm_request_receive_expect entering: type 26 debug3: mm_request_receive entering debug1: session_pty_req: session 0 alloc /dev/pts/4 debug3: mm_answer_pty: tty /dev/pts/4 ptyfd 3 debug3: mm_request_receive entering debug3: tty_parse_modes: SSH2 n_bytes 251 debug3: tty_parse_modes: ospeed 38400 debug3: tty_parse_modes: ispeed 38400 debug3: tty_parse_modes: 1 3 debug3: tty_parse_modes: 2 28 debug3: tty_parse_modes: 3 8 debug3: tty_parse_modes: 4 21 debug3: tty_parse_modes: 5 4 debug3: tty_parse_modes: 6 255 debug3: tty_parse_modes: 7 255 debug3: tty_parse_modes: 8 17 debug3: tty_parse_modes: 9 19 debug3: tty_parse_modes: 10 26 debug1: Ignoring unsupported tty mode opcode 11 (0xb) debug3: tty_parse_modes: 12 18 debug3: tty_parse_modes: 13 23 debug3: tty_parse_modes: 14 22 debug1: Ignoring unsupported tty mode opcode 17 (0x11) debug3: tty_parse_modes: 18 15 debug3: tty_parse_modes: 30 0 debug3: tty_parse_modes: 31 0 debug3: tty_parse_modes: 32 0 debug3: tty_parse_modes: 33 0 debug3: tty_parse_modes: 34 0 debug3: tty_parse_modes: 35 0 debug3: tty_parse_modes: 36 1 debug3: tty_parse_modes: 38 1 debug3: tty_parse_modes: 39 1 debug3: tty_parse_modes: 40 0 debug3: tty_parse_modes: 41 1 debug3: tty_parse_modes: 50 1 debug3: tty_parse_modes: 51 1 debug3: tty_parse_modes: 53 1 debug3: tty_parse_modes: 54 1 debug3: tty_parse_modes: 55 1 debug3: tty_parse_modes: 56 0 debug3: tty_parse_modes: 57 0 debug3: tty_parse_modes: 58 0 debug3: tty_parse_modes: 59 1 debug3: tty_parse_modes: 60 1 debug3: tty_parse_modes: 61 1 debug3: tty_parse_modes: 62 1 debug3: tty_parse_modes: 70 1 debug3: tty_parse_modes: 72 1 debug3: tty_parse_modes: 73 0 debug3: tty_parse_modes: 74 0 debug3: tty_parse_modes: 75 0 debug3: tty_parse_modes: 90 1 debug3: tty_parse_modes: 91 1 debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0 debug1: server_input_channel_req: channel 0 request x11-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req x11-req debug1: bind port 6010: Cannot assign requested address debug1: bind port 6011: Cannot assign requested address <snip -- more failed attempts to bind a port. It does try all of them from 6010 to 6999.> debug1: bind port 6998: Cannot assign requested address debug1: bind port 6999: Cannot assign requested address Failed to allocate internet-domain X11 display socket. debug1: x11_create_display_inet failed. debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: PAM setting tty to "/dev/pts/4" debug1: PAM establishing creds debug1: fd 4 setting TCP_NODELAY debug1: channel 0: rfd 10 isatty debug1: fd 10 setting O_NONBLOCK debug2: fd 9 is O_NONBLOCK debug1: Setting controlling tty using TIOCSCTTY. My configuration (defaults and blanks stripped): # awk '!/^$|^#/ {print}' /etc/ssh/sshd_config HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key SyslogFacility AUTHPRIV X11Forwarding yes X11DisplayOffset 10 UsePrivilegeSeparation yes Subsystem sftp /usr/libexec/openssh/sftp-server This is built from a source rpm from redhat (http://ftp.redhat.com/pub/redhat/linux/rawhide/SRPMS/SRPMS/openssh-3.5p1-3.src.rpm) I modified the openssh.spec file slightly: # diff -u openssh.spec openssh.spec.orig --- openssh.spec 2003-01-21 11:31:15.000000000 -0700 +++ openssh.spec.orig 2003-01-21 11:30:34.000000000 -0700 @@ -9,7 +9,7 @@ %define no_x11_askpass 0 # Do we want to disable building of gnome-askpass? (1=yes 0=no) -%define no_gnome_askpass 1 +%define no_gnome_askpass 0 # Do we want to link against a static libcrypto? (1=yes 0=no) %define static_libcrypto 0 @@ -24,10 +24,10 @@ %define build6x 0 # Disable IPv6 (avoids DNS hangs on some glibc versions) -%define noip6 1 +%define noip6 0 # Do we want kerberos5 support (1=yes 0=no) -%define kerberos5 0 +%define kerberos5 1 # Whether or not /sbin/nologin exists. %define nologin 1 Also, I saw some stuff in the archives about IPV6 causing some problems. I'm not using IPV6: grep IPV6 /usr/src/linux/.config # CONFIG_IPV6 is not set I've also tried passing -4 to both the client and the server to ensure they don't get confused about v4 vs. v6. Please let me know if additional information would be helpful. I'll be more than happy to provide it. Any help would be greatly appreciated, Jim
Ladner, Eric (Eric.Ladner)
2003-Jan-21 22:54 UTC
X11 forwarding problem -- openssh-3.5p1 -- redhat 8.0 -- linux 2.4.18
You've checked 'iptables -L' to see if those ports are being REJECTEd on the RH 8.0 box? Eric -----Original Message----- From: Jim Prewett [mailto:download at ahpcc.unm.edu] Sent: Tuesday, January 21, 2003 4:32 PM To: openssh-unix-dev at mindrot.org Subject: X11 forwarding problem -- openssh-3.5p1 -- redhat 8.0 -- linux 2.4.18 All, I'm working on upgrading a machine from RH 6.2 to RH 8.0. I've encountered one major (for me) snag in that I cannot get X11 forwarding to work anymore. I've been google-ing the error messages all morning, with no luck. Here is debugging output from the server (client debugging output sent upon request... I don't feel it is relevant). What I feel is interesting is at the bottom of the following text block: # sshd -ddd -p 222 debug1: sshd version OpenSSH_3.5p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: Bind to port 222 on 0.0.0.0. Server listening on 0.0.0.0 port 222. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from 129.24.246.132 port 1179 debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 FreeBSD-20020702 debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_3.5p1 debug2: Network child is on pid 32411 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: privsep user:group 74:74 debug1: permanently_set_uid: 74/74 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c bc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c bc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-9 6,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-9 6,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss,ssh-rsa debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c bc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c bc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-9 6,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-9 6,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 2048 8192 debug3: mm_request_receive_expect entering: type 1 debug3: mm_request_receive entering debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 121/256 debug1: bits set: 1612/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1595/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: mm_answer_sign: signature 0x809f278(55) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user download service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 6 debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for download debug3: mm_start_pam entering debug3: mm_request_send entering: type 41 debug3: mm_inform_authserv entering debug3: monitor_read: checking request 41 debug1: Starting up PAM with username "download" debug3: mm_request_send entering: type 3 debug2: input_userauth_request: try method none debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug3: Trying to reverse map address 129.24.246.132. debug1: PAM setting rhost to "dhcp132.ahpcc.unm.edu" debug2: monitor_read: 41 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, styledebug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug3: mm_answer_authpassword: sending result 0 debug3: mm_request_send entering: type 11 Failed none for download from 129.24.246.132 port 1179 ssh2 debug3: mm_request_receive entering debug3: mm_auth_password: user not authenticated Failed none for download from 129.24.246.132 port 1179 ssh2 debug1: userauth-request for user download service ssh-connection method keyboard-interactive debug1: attempt 1 failures 1 debug2: input_userauth_request: try method keyboard-interactive debug1: keyboard-interactive devs debug1: auth2_challenge: user=download devsdebug1: kbdint_alloc: devices '' debug2: auth2_challenge_start: devices Failed keyboard-interactive for download from 129.24.246.132 port 1179 ssh2 debug1: userauth-request for user download service ssh-connection method password debug1: attempt 2 failures 2 debug2: input_userauth_request: try method password debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug1: PAM Password authentication accepted for user "download" debug3: mm_answer_authpassword: sending result 1 debug3: mm_request_send entering: type 11 debug3: mm_auth_password: user authenticated Accepted password for download from 129.24.246.132 port 1179 ssh2 debug3: mm_send_keystate: Sending new keys: 0x809e408 0x809d4b0 debug3: mm_newkeys_to_blob: converting 0x809e408 debug3: mm_newkeys_to_blob: converting 0x809d4b0 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 24 debug3: mm_send_keystate: Finished sending state debug2: pam_acct_mgmt() = 0 Accepted password for download from 129.24.246.132 port 1179 ssh2 debug1: monitor_child_preauth: download has been authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 24 debug3: mm_request_receive entering debug3: mm_newkeys_from_blob: 0x80a97c0(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 0x80a97c0(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug2: User child is on pid 32412 debug3: mm_request_receive entering debug1: PAM establishing creds debug1: permanently_set_uid: 31618/100 debug1: newkeys: mode 0 debug1: newkeys: mode 1 debug1: Entering interactive session for SSH2. debug1: fd 7 setting O_NONBLOCK debug1: fd 8 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: lastlog_openseek: Couldn't open /var/log/lastlog: Permission denied debug1: Allocating pty. debug3: mm_request_send entering: type 25 debug3: monitor_read: checking request 25 debug3: mm_answer_pty entering debug1: session_new: init debug1: session_new: session 0 debug3: mm_request_send entering: type 26 debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY debug3: mm_request_receive_expect entering: type 26 debug3: mm_request_receive entering debug1: session_pty_req: session 0 alloc /dev/pts/4 debug3: mm_answer_pty: tty /dev/pts/4 ptyfd 3 debug3: mm_request_receive entering debug3: tty_parse_modes: SSH2 n_bytes 251 debug3: tty_parse_modes: ospeed 38400 debug3: tty_parse_modes: ispeed 38400 debug3: tty_parse_modes: 1 3 debug3: tty_parse_modes: 2 28 debug3: tty_parse_modes: 3 8 debug3: tty_parse_modes: 4 21 debug3: tty_parse_modes: 5 4 debug3: tty_parse_modes: 6 255 debug3: tty_parse_modes: 7 255 debug3: tty_parse_modes: 8 17 debug3: tty_parse_modes: 9 19 debug3: tty_parse_modes: 10 26 debug1: Ignoring unsupported tty mode opcode 11 (0xb) debug3: tty_parse_modes: 12 18 debug3: tty_parse_modes: 13 23 debug3: tty_parse_modes: 14 22 debug1: Ignoring unsupported tty mode opcode 17 (0x11) debug3: tty_parse_modes: 18 15 debug3: tty_parse_modes: 30 0 debug3: tty_parse_modes: 31 0 debug3: tty_parse_modes: 32 0 debug3: tty_parse_modes: 33 0 debug3: tty_parse_modes: 34 0 debug3: tty_parse_modes: 35 0 debug3: tty_parse_modes: 36 1 debug3: tty_parse_modes: 38 1 debug3: tty_parse_modes: 39 1 debug3: tty_parse_modes: 40 0 debug3: tty_parse_modes: 41 1 debug3: tty_parse_modes: 50 1 debug3: tty_parse_modes: 51 1 debug3: tty_parse_modes: 53 1 debug3: tty_parse_modes: 54 1 debug3: tty_parse_modes: 55 1 debug3: tty_parse_modes: 56 0 debug3: tty_parse_modes: 57 0 debug3: tty_parse_modes: 58 0 debug3: tty_parse_modes: 59 1 debug3: tty_parse_modes: 60 1 debug3: tty_parse_modes: 61 1 debug3: tty_parse_modes: 62 1 debug3: tty_parse_modes: 70 1 debug3: tty_parse_modes: 72 1 debug3: tty_parse_modes: 73 0 debug3: tty_parse_modes: 74 0 debug3: tty_parse_modes: 75 0 debug3: tty_parse_modes: 90 1 debug3: tty_parse_modes: 91 1 debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0 debug1: server_input_channel_req: channel 0 request x11-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req x11-req debug1: bind port 6010: Cannot assign requested address debug1: bind port 6011: Cannot assign requested address <snip -- more failed attempts to bind a port. It does try all of them from 6010 to 6999.> debug1: bind port 6998: Cannot assign requested address debug1: bind port 6999: Cannot assign requested address Failed to allocate internet-domain X11 display socket. debug1: x11_create_display_inet failed. debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: PAM setting tty to "/dev/pts/4" debug1: PAM establishing creds debug1: fd 4 setting TCP_NODELAY debug1: channel 0: rfd 10 isatty debug1: fd 10 setting O_NONBLOCK debug2: fd 9 is O_NONBLOCK debug1: Setting controlling tty using TIOCSCTTY. My configuration (defaults and blanks stripped): # awk '!/^$|^#/ {print}' /etc/ssh/sshd_config HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key SyslogFacility AUTHPRIV X11Forwarding yes X11DisplayOffset 10 UsePrivilegeSeparation yes Subsystem sftp /usr/libexec/openssh/sftp-server This is built from a source rpm from redhat (http://ftp.redhat.com/pub/redhat/linux/rawhide/SRPMS/SRPMS/openssh-3.5p 1-3.src.rpm) I modified the openssh.spec file slightly: # diff -u openssh.spec openssh.spec.orig --- openssh.spec 2003-01-21 11:31:15.000000000 -0700 +++ openssh.spec.orig 2003-01-21 11:30:34.000000000 -0700 @@ -9,7 +9,7 @@ %define no_x11_askpass 0 # Do we want to disable building of gnome-askpass? (1=yes 0=no) -%define no_gnome_askpass 1 +%define no_gnome_askpass 0 # Do we want to link against a static libcrypto? (1=yes 0=no) %define static_libcrypto 0 @@ -24,10 +24,10 @@ %define build6x 0 # Disable IPv6 (avoids DNS hangs on some glibc versions) -%define noip6 1 +%define noip6 0 # Do we want kerberos5 support (1=yes 0=no) -%define kerberos5 0 +%define kerberos5 1 # Whether or not /sbin/nologin exists. %define nologin 1 Also, I saw some stuff in the archives about IPV6 causing some problems. I'm not using IPV6: grep IPV6 /usr/src/linux/.config # CONFIG_IPV6 is not set I've also tried passing -4 to both the client and the server to ensure they don't get confused about v4 vs. v6. Please let me know if additional information would be helpful. I'll be more than happy to provide it. Any help would be greatly appreciated, Jim _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
Darren Tucker
2003-Jan-21 23:14 UTC
X11 forwarding problem -- openssh-3.5p1 -- redhat 8.0 -- linux 2.4.18
Jim Prewett wrote:> I'm working on upgrading a machine from RH 6.2 to RH 8.0. I've > encountered one major (for me) snag in that I cannot get X11 forwarding to > work anymore.Make sure your hosts file contains "127.0.0.1 localhost" or equivalent, or set "X11UseLocalhost no" in sshd_config. Recent version of sshd will attempt to bind to "localhost" and it may not be able to resolve that. If that doesn't help, try stracing sshd to find out why the find() fails. -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Jim Prewett
2003-Jan-24 00:45 UTC
SOLVED! Re: X11 forwarding problem -- openssh-3.5p1 -- redhat 8.0 -- linux 2.4.18
Ok, I'm an idiot! The solution was to configure the loopback interface on that host (D'oh!). I've *NEVER* encountered a situation in which it was not set to 127.0.0.1 before now. I didn't even think to check. Quite frankly, i'm amazed that more things didn't break. Many thanks to all who helped! Apologies for wasting everyone's time, Jim On Tue, 21 Jan 2003, Jim Prewett wrote:> All, > I'm working on upgrading a machine from RH 6.2 to RH 8.0. I've > encountered one major (for me) snag in that I cannot get X11 forwarding to > work anymore. > > I've been google-ing the error messages all morning, with no luck. > > Here is debugging output from the server (client debugging output sent > upon request... I don't feel it is relevant). What I feel is interesting > is at the bottom of the following text block: > > # sshd -ddd -p 222 > debug1: sshd version OpenSSH_3.5p1 > debug1: private host key: #0 type 0 RSA1 > debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. > debug1: read PEM private key done: type RSA > debug1: private host key: #1 type 1 RSA > debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. > debug1: read PEM private key done: type DSA > debug1: private host key: #2 type 2 DSA > debug1: Bind to port 222 on 0.0.0.0. > Server listening on 0.0.0.0 port 222. > Generating 768 bit RSA key. > RSA key generation complete. > debug1: Server will not fork when running in debugging mode. > Connection from 129.24.246.132 port 1179 > debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 > FreeBSD-20020702 > debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-1.99-OpenSSH_3.5p1 > debug2: Network child is on pid 32411 > debug3: preauth child monitor started > debug3: mm_request_receive entering > debug3: privsep user:group 74:74 > debug1: permanently_set_uid: 74/74 > debug1: list_hostkey_types: ssh-rsa,ssh-dss > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-dss,ssh-rsa > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none > debug2: kex_parse_kexinit: none > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received > debug3: mm_request_send entering: type 0 > debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI > debug3: monitor_read: checking request 0 > debug3: mm_answer_moduli: got parameters: 1024 2048 8192 > debug3: mm_request_receive_expect entering: type 1 > debug3: mm_request_receive entering > debug3: mm_request_send entering: type 1 > debug2: monitor_read: 0 used once, disabling now > debug3: mm_request_receive entering > debug3: mm_choose_dh: remaining 0 > debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent > debug1: dh_gen_key: priv key bits set: 121/256 > debug1: bits set: 1612/3191 > debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT > debug1: bits set: 1595/3191 > debug3: mm_key_sign entering > debug3: mm_request_send entering: type 4 > debug3: monitor_read: checking request 4 > debug3: mm_answer_sign > debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN > debug3: mm_request_receive_expect entering: type 5 > debug3: mm_request_receive entering > debug3: mm_answer_sign: signature 0x809f278(55) > debug3: mm_request_send entering: type 5 > debug2: monitor_read: 4 used once, disabling now > debug3: mm_request_receive entering > debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent > debug1: kex_derive_keys > debug1: newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: waiting for SSH2_MSG_NEWKEYS > debug1: newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: KEX done > debug1: userauth-request for user download service ssh-connection method > none > debug1: attempt 0 failures 0 > debug3: mm_getpwnamallow entering > debug3: mm_request_send entering: type 6 > debug3: monitor_read: checking request 6 > debug3: mm_answer_pwnamallow > debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM > debug3: mm_request_receive_expect entering: type 7 > debug3: mm_request_receive entering > debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 > debug3: mm_request_send entering: type 7 > debug2: monitor_read: 6 used once, disabling now > debug3: mm_request_receive entering > debug2: input_userauth_request: setting up authctxt for download > debug3: mm_start_pam entering > debug3: mm_request_send entering: type 41 > debug3: mm_inform_authserv entering > debug3: monitor_read: checking request 41 > debug1: Starting up PAM with username "download" > debug3: mm_request_send entering: type 3 > debug2: input_userauth_request: try method none > debug3: mm_auth_password entering > debug3: mm_request_send entering: type 10 > debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD > debug3: mm_request_receive_expect entering: type 11 > debug3: mm_request_receive entering > debug3: Trying to reverse map address 129.24.246.132. > debug1: PAM setting rhost to "dhcp132.ahpcc.unm.edu" > debug2: monitor_read: 41 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style> debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 10 > debug3: mm_answer_authpassword: sending result 0 > debug3: mm_request_send entering: type 11 > Failed none for download from 129.24.246.132 port 1179 ssh2 > debug3: mm_request_receive entering > debug3: mm_auth_password: user not authenticated > Failed none for download from 129.24.246.132 port 1179 ssh2 > debug1: userauth-request for user download service ssh-connection method > keyboard-interactive > debug1: attempt 1 failures 1 > debug2: input_userauth_request: try method keyboard-interactive > debug1: keyboard-interactive devs > debug1: auth2_challenge: user=download devs> debug1: kbdint_alloc: devices '' > debug2: auth2_challenge_start: devices > Failed keyboard-interactive for download from 129.24.246.132 port 1179 > ssh2 > debug1: userauth-request for user download service ssh-connection method > password > debug1: attempt 2 failures 2 > debug2: input_userauth_request: try method password > debug3: mm_auth_password entering > debug3: mm_request_send entering: type 10 > debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD > debug3: mm_request_receive_expect entering: type 11 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 10 > debug1: PAM Password authentication accepted for user "download" > debug3: mm_answer_authpassword: sending result 1 > debug3: mm_request_send entering: type 11 > debug3: mm_auth_password: user authenticated > Accepted password for download from 129.24.246.132 port 1179 ssh2 > debug3: mm_send_keystate: Sending new keys: 0x809e408 0x809d4b0 > debug3: mm_newkeys_to_blob: converting 0x809e408 > debug3: mm_newkeys_to_blob: converting 0x809d4b0 > debug3: mm_send_keystate: New keys have been sent > debug3: mm_send_keystate: Sending compression state > debug3: mm_request_send entering: type 24 > debug3: mm_send_keystate: Finished sending state > debug2: pam_acct_mgmt() = 0 > Accepted password for download from 129.24.246.132 port 1179 ssh2 > debug1: monitor_child_preauth: download has been authenticated by > privileged process > debug3: mm_get_keystate: Waiting for new keys > debug3: mm_request_receive_expect entering: type 24 > debug3: mm_request_receive entering > debug3: mm_newkeys_from_blob: 0x80a97c0(118) > debug2: mac_init: found hmac-md5 > debug3: mm_get_keystate: Waiting for second key > debug3: mm_newkeys_from_blob: 0x80a97c0(118) > debug2: mac_init: found hmac-md5 > debug3: mm_get_keystate: Getting compression state > debug3: mm_get_keystate: Getting Network I/O buffers > debug3: mm_share_sync: Share sync > debug3: mm_share_sync: Share sync end > debug2: User child is on pid 32412 > debug3: mm_request_receive entering > debug1: PAM establishing creds > debug1: permanently_set_uid: 31618/100 > debug1: newkeys: mode 0 > debug1: newkeys: mode 1 > debug1: Entering interactive session for SSH2. > debug1: fd 7 setting O_NONBLOCK > debug1: fd 8 setting O_NONBLOCK > debug1: server_init_dispatch_20 > debug1: server_input_channel_open: ctype session rchan 0 win 65536 max > 16384 > debug1: input_session_request > debug1: channel 0: new [server-session] > debug1: session_new: init > debug1: session_new: session 0 > debug1: session_open: channel 0 > debug1: session_open: session 0: link with channel 0 > debug1: server_input_channel_open: confirm session > debug1: server_input_channel_req: channel 0 request pty-req reply 0 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req pty-req > debug1: lastlog_openseek: Couldn't open /var/log/lastlog: Permission > denied > debug1: Allocating pty. > debug3: mm_request_send entering: type 25 > debug3: monitor_read: checking request 25 > debug3: mm_answer_pty entering > debug1: session_new: init > debug1: session_new: session 0 > debug3: mm_request_send entering: type 26 > debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY > debug3: mm_request_receive_expect entering: type 26 > debug3: mm_request_receive entering > debug1: session_pty_req: session 0 alloc /dev/pts/4 > debug3: mm_answer_pty: tty /dev/pts/4 ptyfd 3 > debug3: mm_request_receive entering > debug3: tty_parse_modes: SSH2 n_bytes 251 > debug3: tty_parse_modes: ospeed 38400 > debug3: tty_parse_modes: ispeed 38400 > debug3: tty_parse_modes: 1 3 > debug3: tty_parse_modes: 2 28 > debug3: tty_parse_modes: 3 8 > debug3: tty_parse_modes: 4 21 > debug3: tty_parse_modes: 5 4 > debug3: tty_parse_modes: 6 255 > debug3: tty_parse_modes: 7 255 > debug3: tty_parse_modes: 8 17 > debug3: tty_parse_modes: 9 19 > debug3: tty_parse_modes: 10 26 > debug1: Ignoring unsupported tty mode opcode 11 (0xb) > debug3: tty_parse_modes: 12 18 > debug3: tty_parse_modes: 13 23 > debug3: tty_parse_modes: 14 22 > debug1: Ignoring unsupported tty mode opcode 17 (0x11) > debug3: tty_parse_modes: 18 15 > debug3: tty_parse_modes: 30 0 > debug3: tty_parse_modes: 31 0 > debug3: tty_parse_modes: 32 0 > debug3: tty_parse_modes: 33 0 > debug3: tty_parse_modes: 34 0 > debug3: tty_parse_modes: 35 0 > debug3: tty_parse_modes: 36 1 > debug3: tty_parse_modes: 38 1 > debug3: tty_parse_modes: 39 1 > debug3: tty_parse_modes: 40 0 > debug3: tty_parse_modes: 41 1 > debug3: tty_parse_modes: 50 1 > debug3: tty_parse_modes: 51 1 > debug3: tty_parse_modes: 53 1 > debug3: tty_parse_modes: 54 1 > debug3: tty_parse_modes: 55 1 > debug3: tty_parse_modes: 56 0 > debug3: tty_parse_modes: 57 0 > debug3: tty_parse_modes: 58 0 > debug3: tty_parse_modes: 59 1 > debug3: tty_parse_modes: 60 1 > debug3: tty_parse_modes: 61 1 > debug3: tty_parse_modes: 62 1 > debug3: tty_parse_modes: 70 1 > debug3: tty_parse_modes: 72 1 > debug3: tty_parse_modes: 73 0 > debug3: tty_parse_modes: 74 0 > debug3: tty_parse_modes: 75 0 > debug3: tty_parse_modes: 90 1 > debug3: tty_parse_modes: 91 1 > debug3: tty_parse_modes: 92 0 > debug3: tty_parse_modes: 93 0 > debug1: server_input_channel_req: channel 0 request x11-req reply 0 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req x11-req > debug1: bind port 6010: Cannot assign requested address > debug1: bind port 6011: Cannot assign requested address > > <snip -- more failed attempts to bind a port. It does try all of them > from 6010 to 6999.> > > debug1: bind port 6998: Cannot assign requested address > debug1: bind port 6999: Cannot assign requested address > Failed to allocate internet-domain X11 display socket. > debug1: x11_create_display_inet failed. > debug1: server_input_channel_req: channel 0 request shell reply 0 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req shell > debug1: PAM setting tty to "/dev/pts/4" > debug1: PAM establishing creds > debug1: fd 4 setting TCP_NODELAY > debug1: channel 0: rfd 10 isatty > debug1: fd 10 setting O_NONBLOCK > debug2: fd 9 is O_NONBLOCK > debug1: Setting controlling tty using TIOCSCTTY. > > My configuration (defaults and blanks stripped): > # awk '!/^$|^#/ {print}' /etc/ssh/sshd_config > HostKey /etc/ssh/ssh_host_key > HostKey /etc/ssh/ssh_host_rsa_key > HostKey /etc/ssh/ssh_host_dsa_key > SyslogFacility AUTHPRIV > X11Forwarding yes > X11DisplayOffset 10 > UsePrivilegeSeparation yes > Subsystem sftp /usr/libexec/openssh/sftp-server > > > This is built from a source rpm from redhat > (http://ftp.redhat.com/pub/redhat/linux/rawhide/SRPMS/SRPMS/openssh-3.5p1-3.src.rpm) > > I modified the openssh.spec file slightly: > # diff -u openssh.spec openssh.spec.orig > --- openssh.spec 2003-01-21 11:31:15.000000000 -0700 > +++ openssh.spec.orig 2003-01-21 11:30:34.000000000 -0700 > @@ -9,7 +9,7 @@ > %define no_x11_askpass 0 > > # Do we want to disable building of gnome-askpass? (1=yes 0=no) > -%define no_gnome_askpass 1 > +%define no_gnome_askpass 0 > > # Do we want to link against a static libcrypto? (1=yes 0=no) > %define static_libcrypto 0 > @@ -24,10 +24,10 @@ > %define build6x 0 > > # Disable IPv6 (avoids DNS hangs on some glibc versions) > -%define noip6 1 > +%define noip6 0 > > # Do we want kerberos5 support (1=yes 0=no) > -%define kerberos5 0 > +%define kerberos5 1 > > # Whether or not /sbin/nologin exists. > %define nologin 1 > > > Also, I saw some stuff in the archives about IPV6 causing some > problems. I'm not using IPV6: > grep IPV6 /usr/src/linux/.config > # CONFIG_IPV6 is not set > > I've also tried passing -4 to both the client and the server to ensure > they don't get confused about v4 vs. v6. > > Please let me know if additional information would be helpful. I'll be > more than happy to provide it. > > Any help would be greatly appreciated, > Jim > > > > > >