Bug#354127: ssh: X forwarding stopped working, no changes to config files
Package: ssh
Version: 1:4.2p1-5
Severity: normal
I SSH into my server every day, and then start an mrxvt terminal to be
forwarded back to my desktop. Yesterday after updating a large number of
packages, X forwarding stopped working spontaneously, I made no changes
to
configuration files. I double-checked ssh_config on both desktop and
server
with backups, and verified that they were not changed.
My desktop/ssh client is running Debian testing, my server is running
Debian stable. This bug report/config info below is on my
desktop/client. Following is debug output from my attempt to use X
forwarding, ssh from desktop to server:
$ ssh -v -X router
OpenSSH_4.2p1 Debian-5, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to router [192.168.9.1] port 22.
debug1: Connection established.
debug1: identity file /home/ckoen/.ssh/identity type -1
debug1: identity file /home/ckoen/.ssh/id_rsa type -1
debug1: identity file /home/ckoen/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'router' is known and matches the RSA host key.
debug1: Found key in /home/ckoen/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ckoen/.ssh/identity
debug1: Trying private key: /home/ckoen/.ssh/id_rsa
debug1: Trying private key: /home/ckoen/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Warning: No xauth data; using fake authentication data for X11
forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US
No mail.
ckoen@4[ckoen]$ mrxvt -bg red &
[1] 19612
debug1: client_input_channel_open: ctype x11 rchan 2 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 3437
debug1: channel 1: new [x11]
debug1: confirm x11
ckoen@4[ckoen]$ Xlib: connection to "localhost:11.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
debug1: channel 1: free: x11, nchannels 2
mrxvt: can't open display localhost:11.0
[1]+ Exit 1 mrxvt -bg red
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-a21m.16
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages ssh depends on:
ii openssh-client 1:4.2p1-5 Secure shell client, an rlogin/rsh
ii openssh-server 1:4.2p1-5 Secure shell server, an rshd repla
ssh recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/privsep_ask: true
* ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/SUID_client: true
ssh/disable_cr_auth: false
* ssh/privsep_tell:
ssh/ssh2_keys_merged:
* ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
Reply to: