James Rippas
2001-Jul-02 21:00 UTC
2.9p2 -- ForwardX11 fails -- X11 connection uses different authentication protocol
Hi, I just grabed the 2.9p2 and can't forward X11 connections. This worked fine for me under 2.9p1 but with 2.9p2 it seems that $XAUTHORITY isn't getting set and when I try and set it manually connections to the Xserver still fail with: debug1: X11 connection uses different authentication protocol. debug1: X11 rejected 1 i1/o16 Verbose debugs below. client: OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f debug1: Reading configuration data /home/jrippas/.ssh/config debug1: Seeding random number generator debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: restore_uid debug1: ssh_connect: getuid 1676 geteuid 0 anon 1 debug1: Connecting to ratbert [192.168.90.30] port 22. debug1: temporarily_use_uid: 1676/121 (e=0) debug1: restore_uid debug1: temporarily_use_uid: 1676/121 (e=0) debug1: restore_uid debug1: Connection established. debug1: read PEM private key done: type DSA debug1: read PEM private key done: type RSA debug1: identity file /home/jrippas/.ssh/identity type 0 debug3: No RSA1 key file /home/jrippas/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: no key found debug2: key_type_from_name: unknown key type 'Proc-Type:' debug3: key_read: no key found debug2: key_type_from_name: unknown key type 'DEK-Info:' debug3: key_read: no key found debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: no key found debug1: identity file /home/jrippas/.ssh/id_rsa type 1 debug1: identity file /home/jrippas/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2 debug1: match: OpenSSH_2.9p2 pat ^OpenSSH Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_2.9p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gup1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndaelbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfouaes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndaelbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at opssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at opssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gup1-sha1 debug2: kex_parse_kexinit: ssh-dss,ssh-rsa debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfouaes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndaelbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfouaes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndaelbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at opssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at opssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 132/256 debug1: bits set: 1007/2049 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/jrippas/.ssh/known_hosts2 debug3: check_host_in_hostfile: match line 39 debug3: check_host_in_hostfile: filename /home/jrippas/.ssh/known_hosts2 debug3: check_host_in_hostfile: match line 39 debug1: Host 'ratbert' is known and matches the RSA host key. debug1: Found key in /home/jrippas/.ssh/known_hosts2:39 debug1: bits set: 1020/2049 debug1: ssh_rsa_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interacve,hostbased debug3: start over, passed a different list publickey,password,keyboard-interaive,hostbased debug3: preferred publickey,password,keyboard-interactive debug3: authmethod_lookup publickey debug3: remaining preferred: password,keyboard-interactive debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey debug1: try pubkey: /home/jrippas/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 142f48 hint 1 debug2: input_userauth_pk_ok: fp fc:0c:ec:64:78:de:f2:ec:98:c6:89:7e:74:e3:83: debug3: sign_and_send_pubkey debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/jrippas/.ssh/id_rsa': debug1: read PEM private key done: type RSA debug2: ssh_rsa_sign: done debug1: ssh-userauth2 successful: method publickey debug3: clear hostkey 0 debug3: clear hostkey 1 debug3: clear hostkey 2 debug1: channel 0: new [client-session] debug1: channel_new: 0 debug1: send channel open 0 debug1: Entering interactive session. debug2: callback start debug1: client_init id 0 arg 0 debug2: tty_make_modes: ospeed 9600 debug2: tty_make_modes: ispeed 0 debug2: tty_make_modes: 1 3 debug2: tty_make_modes: 2 28 debug2: tty_make_modes: 3 127 debug2: tty_make_modes: 4 21 debug2: tty_make_modes: 5 4 debug2: tty_make_modes: 6 0 debug2: tty_make_modes: 7 0 debug2: tty_make_modes: 8 17 debug2: tty_make_modes: 9 19 debug2: tty_make_modes: 10 26 debug2: tty_make_modes: 11 25 debug2: tty_make_modes: 12 18 debug2: tty_make_modes: 13 23 debug2: tty_make_modes: 14 22 debug2: tty_make_modes: 16 0 debug2: tty_make_modes: 18 15 debug2: tty_make_modes: 30 0 debug2: tty_make_modes: 31 0 debug2: tty_make_modes: 32 0 debug2: tty_make_modes: 33 0 debug2: tty_make_modes: 34 0 debug2: tty_make_modes: 35 0 debug2: tty_make_modes: 36 1 debug2: tty_make_modes: 37 0 debug2: tty_make_modes: 38 1 debug2: tty_make_modes: 39 0 debug2: tty_make_modes: 40 0 debug2: tty_make_modes: 41 0 debug2: tty_make_modes: 50 1 debug2: tty_make_modes: 51 1 debug2: tty_make_modes: 52 0 debug2: tty_make_modes: 53 1 debug2: tty_make_modes: 54 1 debug2: tty_make_modes: 55 1 debug2: tty_make_modes: 56 0 debug2: tty_make_modes: 57 0 debug2: tty_make_modes: 58 0 debug2: tty_make_modes: 59 1 debug2: tty_make_modes: 60 1 debug2: tty_make_modes: 61 1 debug2: tty_make_modes: 62 0 debug2: tty_make_modes: 70 1 debug2: tty_make_modes: 71 0 debug2: tty_make_modes: 72 1 debug2: tty_make_modes: 73 0 debug2: tty_make_modes: 74 0 debug2: tty_make_modes: 75 0 debug2: tty_make_modes: 90 1 debug2: tty_make_modes: 91 1 debug2: tty_make_modes: 92 1 debug2: tty_make_modes: 93 0 debug1: Requesting X11 forwarding with authentication spoofing. debug1: channel request 0: shell debug2: callback done debug1: channel 0: open confirm rwindow 0 rmax 16384 debug2: channel 0: rcvd adjust 32768 Environment: TZ=US/Eastern SSH_CLIENT=192.168.91.91 41852 22 SSH_TTY=/dev/pts/1 TERM=xterm DISPLAY=ratbert:11.0 Last login: Mon Jul 2 15:48:26 from l7 Sun Microsystems Inc. SunOS 5.8 Generic February 2000 1 ratbert(jrippas) % xterm debug1: client_input_channel_open: ctype x11 rchan 3 win 4096 max 2048 debug1: client_request_x11: request from 192.168.90.30 47841 debug1: fd 9 setting O_NONBLOCK debug1: fd 9 IS O_NONBLOCK debug1: channel 1: new [x11] debug1: confirm x11 debug1: X11 connection uses different authentication protocol. debug1: X11 rejected 1 i1/o16 debug1: channel 1: read failed debug1: channel 1: input open -> drain debug1: channel 1: close_read debug1: channel 1: input: no drain shortcut debug1: channel 1: ibuf empty debug1: channel 1: input drain -> closed debug1: channel 1: send eof debug1: channel 1: write failed debug1: channel 1: output open -> closed debug1: channel 1: close_write debug1: X11 closed 1 i8/o128 debug1: channel 1: send close debug1: channel 1: rcvd close debug1: channel 1: is dead debug1: channel_free: channel 1: status: The following connections are open: #0 client-session (t4 r0 i1/0 o16/0 fd 6/7) #1 x11 (t7 r3 i8/0 o128/0 fd 9/9) X connection to ratbert:11.0 broken (explicit kill or server shutdown). Server: debug1: Seeding random number generator debug1: sshd version OpenSSH_2.9p2 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: read PEM private key done: type RSA debug1: private host key: #2 type 1 RSA debug1: Bind to port 22 on ::. Server listening on :: port 22. debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from 192.168.91.91 port 41852 debug1: Client protocol version 2.0; client software version OpenSSH_2.9p1 debug1: match: OpenSSH_2.9p1 pat ^OpenSSH Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_2.9p2 debug1: Rhosts Authentication disabled, originating port not trusted. debug1: list_hostkey_types: ssh-dss,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: client->server aes128-cbc hmac-md5 none debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 122/256 debug1: bits set: 1020/2049 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1007/2049 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user jrippas service ssh-connection method none debug1: attempt 0 failures 0 Failed none for jrippas from 192.168.91.91 port 41852 ssh2 debug1: userauth-request for user jrippas service ssh-connection method publickey debug1: attempt 1 failures 1 debug1: test whether pkalg/pkblob are acceptable debug1: temporarily_use_uid: 1676/121 (e=0) debug1: matching key found: file /home/jrippas/.ssh/authorized_keys2, line 1 debug1: restore_uid Postponed publickey for jrippas from 192.168.91.91 port 41852 ssh2 debug1: userauth-request for user jrippas service ssh-connection method publickey debug1: attempt 2 failures 1 debug1: temporarily_use_uid: 1676/121 (e=0) debug1: matching key found: file /home/jrippas/.ssh/authorized_keys2, line 1 debug1: restore_uid debug1: ssh_rsa_verify: signature correct Accepted publickey for jrippas from 192.168.91.91 port 41852 ssh2 debug1: Entering interactive session for SSH2. debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 32768 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 channel 0 request pty-req reply 0 debug1: session_pty_req: session 0 alloc /dev/pts/1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 channel 0 request x11-req reply 0 debug1: Received request for X11 forwarding with auth spoofing. debug1: bind port 6010: Address already in use debug1: fd 10 setting O_NONBLOCK debug1: fd 10 IS O_NONBLOCK debug1: channel 1: new [X11 inet listener] debug1: fd 11 setting O_NONBLOCK debug1: fd 11 IS O_NONBLOCK debug1: channel 2: new [X11 inet listener] debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 channel 0 request shell reply 0 debug1: fd 9 setting O_NONBLOCK debug1: fd 8 IS O_NONBLOCK debug1: X11 connection requested. debug1: fd 13 IS O_NONBLOCK debug1: fd 13 IS O_NONBLOCK debug1: channel 3: new [X11 connection from 192.168.90.30 port 47841] debug1: channel 3: open confirm rwindow 32768 rmax 2048 debug1: channel 3: rcvd eof debug1: channel 3: output open -> drain debug1: channel 3: rcvd close debug1: channel 3: input open -> closed debug1: channel 3: close_read debug1: channel 3: obuf empty debug1: channel 3: output drain -> closed debug1: channel 3: close_write debug1: channel 3: send close debug1: channel 3: is dead debug1: channel_free: channel 3: status: The following connections are open: #0 server-session (t4 r0 i1/0 o16/0 fd 9/8) #3 X11 connection from 192.168.90.30 47841 (t4 r1 i8/0 o128/0 fd 13/13) debug1: channel 0: read<=0 rfd 9 len 0 debug1: channel 0: read failed debug1: channel 0: input open -> drain debug1: channel 0: close_read debug1: channel 0: input: no drain shortcut debug1: channel 0: ibuf empty debug1: channel 0: input drain -> closed debug1: channel 0: send eof debug1: Received SIGCHLD. debug1: session_by_pid: pid 17966 debug1: session_exit_message: session 0 channel 0 pid 17966 debug1: session_exit_message: release channel 0 debug1: channel 0: write failed debug1: channel 0: output open -> closed debug1: channel 0: close_write debug1: session_pty_cleanup: session 0 release /dev/pts/1 debug1: session_free: session 0 pid 17966 debug1: channel 0: send close debug1: channel 0: rcvd close debug1: channel 0: is dead debug1: channel_free: channel 0: status: The following connections are open: #0 server-session (t4 r0 i8/0 o128/0 fd -1/-1) Connection closed by remote host. debug1: channel_free: channel 1: status: The following connections are open: debug1: channel_free: channel 2: status: The following connections are open: -------------- next part -------------- --------------------------------------------------------- This e-mail contains information some or all of which may be confidential, proprietary and/or legally privileged. If an addressing or transmission error has misdirected this e-mail, please notify the sender by replying to this e-mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail. ---------------------------------------------------------
Possibly Parallel Threads
- [Bug 387] New: command="" in authorized_keys fails when sshd_config has "PermitRootLogon forced-commands-only"
- [Bug 837] connection closed by remote host
- 3.8p1 password expiry, Solaris 8
- Case where ssh hangs on exit with 2.9.9p2 on Sol8
- OpenVMS SSH password expiry woes continue
Wisdom of the Ancients
