Dirk Wetter
2000-Sep-04 19:00 UTC
msg "X11 connection uses different authentication protocol" ?
Hi, using OpenSSH_2.1.1 p4 i have problems with X11 forwarding. I used the same sources for Solaris and Linux. Tried nearly every combination, but it seems that the "opensshd" for Solaris has some problems. Of course i tried to connect with "ssh -X", the server has in its /etc/sshd_config: X11Forwarding yes X11DisplayOffset 10 XAuthLocation /usr/openwin/bin/xauth The client doesn't have any config file, neither for Linux nor for Solaris (same NFS homedir). - it doesn't depend on the client, i checked with an non-free ssh client or use Linux instead. Both works. - i checked the x11 fwd'ing with the openssh client on a non-free server on Solaris as well to an openssh server on Linux, both works too. So, every time when i try to use x11 forwarding the Solaris server using the openssh daemon, it fails. Attached you find an output from an openssh client to an openssh server, both on Solaris. I know this is not the latest version. But since i could find anything in the changelog for 2.2.0p1 which could have addressed this issue or in the archived mailing list, i dare to send this mail ;-) Thanks for your help, </dirk> PS: please CC to me, I am not on this list. -------------- next part -------------- server:~ # /usr/sbin/sshd -d debug: sshd version OpenSSH_2.1.1 debug: Command 'ls -alni /var/mail' timed out debug: Seeded RNG with 41 bytes from programs debug: Seeded RNG with 3 bytes from system calls debug: read DSA private key done debug: Seeded RNG with 40 bytes from programs debug: Seeded RNG with 3 bytes from system calls debug: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. debug: Seeded RNG with 40 bytes from programs debug: Seeded RNG with 3 bytes from system calls debug: Command 'ls -alni /var/mail' timed out debug: Seeded RNG with 41 bytes from programs debug: Seeded RNG with 3 bytes from system calls RSA key generation complete. debug: Server will not fork when running in debugging mode. Connection from client-ip port 890 debug: Client protocol version 1.5; client software version OpenSSH_2.1.1 debug: Local version string SSH-1.99-OpenSSH_2.1.1 debug: Sent 768 bit public key and 1024 bit host key. debug: Encryption type: 3des debug: Received session key; encryption turned on. debug: Installing crc compensation attack detector. debug: Starting up PAM with username "userid" debug: Attempting authentication for userid. debug: Trying rhosts with RSA host authentication for userid debug: Rhosts RSA authentication: canonical host client Rhosts with RSA host authentication accepted for userid, userid on client. Accepted rhosts-rsa for userid from client-ip port 890 ruser userid debug: PAM setting rhost to "client" debug: PAM setting ruser to "userid" debug: session_new: init debug: session_new: session 0 debug: Allocating pty. debug: Received request for X11 forwarding with auth spoofing. debug: fd 14 setting O_NONBLOCK debug: channel 0: new [X11 inet listener] debug: PAM setting tty to "/dev/pts/9" debug: PAM establishing creds debug: Entering interactive session. debug: fd 12 setting O_NONBLOCK debug: server_init_dispatch_13 debug: server_init_dispatch_15 debug: tvp!=NULL kid 0 mili 10 on the client side was issued "ssh -v -X": userid at client[~:512] ssh -X -v server SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). debug: Reading configuration data /etc/ssh_config debug: Command 'ls -alni /var/mail' timed out debug: Seeded RNG with 39 bytes from programs debug: Seeded RNG with 3 bytes from system calls debug: ssh_connect: getuid 505 geteuid 0 anon 0 debug: Connecting to server [server-ip] port 22. debug: Seeded RNG with 39 bytes from programs debug: Seeded RNG with 3 bytes from system calls debug: Allocated local port 890. debug: Connection established. debug: Remote protocol version 1.99, remote software version OpenSSH_2.1.1 debug: Local version string SSH-1.5-OpenSSH_2.1.1 debug: Waiting for server public key. debug: Received server public key (768 bits) and host key (1024 bits). debug: Host 'server' is known and matches the RSA host key. debug: Seeded RNG with 39 bytes from programs debug: Seeded RNG with 3 bytes from system calls debug: Encryption type: 3des debug: Sent encrypted session key. debug: Installing crc compensation attack detector. debug: Received encrypted confirmation. debug: Trying rhosts or /etc/hosts.equiv with RSA host authentication. debug: Remote: Accepted for client [client-ip] by /etc/hosts.equiv. debug: Received RSA challenge for host key from server. debug: Sending response to host key RSA challenge. debug: Remote: Rhosts with RSA host authentication accepted. debug: Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server. debug: Requesting pty. debug: Requesting X11 forwarding with authentication spoofing. debug: Requesting shell. debug: Entering interactive session. Environment: TZ=US/Eastern SSH_CLIENT=client-ip 890 22 SSH_TTY=/dev/pts/9 TERM=xterm DISPLAY=server:10.0 XAUTHORITY=/tmp/ssh-zXXT5224/cookies [...] userid at server[~:512] echo $DISPLAY $TERM xterm userid at server[~:513] xterm -display server:10.0 debug: Received X11 open request. debug: fd 9 setting O_NONBLOCK debug: channel 0: new [X11 connection from server port 35530] debug: X11 connection uses different authentication protocol. debug: X11 rejected 0 i1/o16 debug: channel 0: read failed debug: channel 0: input open -> drain debug: channel 0: close_read debug: channel 0: input: no drain shortcut debug: channel 0: ibuf empty debug: channel 0: input drain -> wait_oclose debug: channel 0: send ieof debug: channel 0: write failed debug: channel 0: output open -> wait_ieof debug: channel 0: send oclose debug: channel 0: close_write debug: X11 closed 0 i4/o64 debug: channel 0: rcvd ieof debug: channel 0: non-open channel 0: istate 4 != open channel 0: ostate 64 != open debug: channel 0: rcvd oclose debug: channel 0: input wait_oclose -> closed X connection to server:10.0 broken (explicit kill or server shutdown). userid at server[~:516] netstat -a | grep '\.60' *.6000 *.* 0 0 0 0 LISTEN *.6010 *.* 0 0 0 0 LISTEN server.6010 server.35530 32768 0 32768 0 TIME_WAIT
Apparently Analagous Threads
- X forwarding from Linux -> Irix not working
- [Bug 176] New: OpenSSH_3.1p1 gives X_ShmAttach error on forwarded X11 channel
- [Bug 185] New: --with-ipv4-default breaks X11-forwarding on HP-UX 10.20
- 3.4p1 X forwarding under AIX
- Work around Linux kernel bug provoked by nchan.c