On 13/10/2017 15:29, Michael Felt wrote:> This verifies it is xauth related: > > debug3: sending debug message: No xauth program; cannot forward with > spoofing. > > so, added an extra debug - and this is what I see: > > debug1: session_input_channel_req: session 0 req x11-req > debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth > debug3: sending debug message: No xauth program; cannot forward with > spoofing. >...> And, I expect noone from IBM has ever said anything - as they still > use OpenSSH-6.0 as a base, although they are also using OpenSSH-7.1, > both of which are not affected by the fix for OpenSSH-7.2. >Or - MY error is more likely. By chance I must of had the fileset bos.X11.config installed - so configure was able to find a value for xauth. Now I know I need to add the configure option --with-xauth=/usr/bin/X11/xauth Many thanks for the hints - to get this resolved!> Studying further - but maybe you already know what needs to be done.
On Fri, 13 Oct 2017, Michael Felt wrote:> On 13/10/2017 15:29, Michael Felt wrote: > > This verifies it is xauth related: > > > > debug3: sending debug message: No xauth program; cannot forward with > > spoofing. > > > > so, added an extra debug - and this is what I see: > > > > debug1: session_input_channel_req: session 0 req x11-req > > debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth > > debug3: sending debug message: No xauth program; cannot forward with > > spoofing. > > > ... > > And, I expect noone from IBM has ever said anything - as they still use > > OpenSSH-6.0 as a base, although they are also using OpenSSH-7.1, both of > > which are not affected by the fix for OpenSSH-7.2. > > > Or - MY error is more likely. By chance I must of had the fileset > bos.X11.config installed - so configure was able to find a value for xauth. > > Now I know I need to add the configure option --with-xauth=/usr/bin/X11/xauth > > Many thanks for the hints - to get this resolved!I've also committed the packet.c diff to log debug messages, so this might be easier to spot in the future from server logs alone. -d
Certainly sends a strong hint. Thx again. Sent from my iPhone> On 13 Oct 2017, at 23:16, Damien Miller <djm at mindrot.org> wrote: > > > >> On Fri, 13 Oct 2017, Michael Felt wrote: >> >>> On 13/10/2017 15:29, Michael Felt wrote: >>> This verifies it is xauth related: >>> >>> debug3: sending debug message: No xauth program; cannot forward with >>> spoofing. >>> >>> so, added an extra debug - and this is what I see: >>> >>> debug1: session_input_channel_req: session 0 req x11-req >>> debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth >>> debug3: sending debug message: No xauth program; cannot forward with >>> spoofing. >>> >> ... >>> And, I expect noone from IBM has ever said anything - as they still use >>> OpenSSH-6.0 as a base, although they are also using OpenSSH-7.1, both of >>> which are not affected by the fix for OpenSSH-7.2. >>> >> Or - MY error is more likely. By chance I must of had the fileset >> bos.X11.config installed - so configure was able to find a value for xauth. >> >> Now I know I need to add the configure option --with-xauth=/usr/bin/X11/xauth >> >> Many thanks for the hints - to get this resolved! > > I've also committed the packet.c diff to log debug messages, so this might > be easier to spot in the future from server logs alone. > > -d > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev