openssh unix dev - Nov 1999 - ssh/openssh and X authentication

I've currently got a couple of boxes which obtain their IP address via 
DHCP, and as a consequence do not have a mapping in /etc/hosts for 
their own IP/name... but helpfully (!) they have their name mapping to 
127.0.0.1

This breaks X authentication... - openssh (and also ssh) makes an 
apparently valid xauth entry, but all attempts to start clients gives 
"X11 connection rejected because of wrong authentication."  Hacking
the
DISPLAY & xauth entries to use the real IP address of the box, or even 
127.0.0.2 works fine, so it appears that something (maybe outside ssh) 
is special casing 127.0.0.1

Would it be possible to make sshd use the IP address of the local 
socket rather than the hostname to give to xauth?
Alternatively is there some good reason as to why 127.0.0.1 is not 
working?

I can do the coding on this - however I want to find out if there is a 
good reason for current behaviour before making patches that get 
rejected (!).

	Nigel.
	 
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham at VData.co.uk ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]

On 1999-11-29 at 15:29:37, Nigel Metheringham wrote:
> I've currently got a couple of boxes which obtain their IP address via 
> DHCP, and as a consequence do not have a mapping in /etc/hosts for 
> their own IP/name... but helpfully (!) they have their name mapping to 
> 127.0.0.1
i have a similar setup here, except with names mapping to 0.0.0.0; i
forget why, but mapping to 127.0.0.1 didn't work well for me for some
reason. Probably i did something wrong.
> This breaks X authentication... - openssh (and also ssh) makes an 
> apparently valid xauth entry, but all attempts to start clients gives 
> "X11 connection rejected because of wrong authentication." 
Hacking the
> DISPLAY & xauth entries to use the real IP address of the box, or even 
> 127.0.0.2 works fine, so it appears that something (maybe outside ssh) 
> is special casing 127.0.0.1
I think it's X itself, using unix domain sockets to connect to the
localhost. opensshd only puts an internet domain entry in the xauth
file. I managed to solve it on my system by having sshd do a second
xauth with "/unix" inserted just before the ':' in the display
variable
in sshd.c.

I've filed more information in the Debian GNU/Linux bug tracking
database, at <http://cgi.debian.org/cgi-bin/bugreport.cgi?bug=49944>.
I'm not subscribed to openssh-unix-dev, so CCs of replies would be
welcome.


-- 
  finger for GPG public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url :
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/19991206/b5ebc680/attachment.bin