[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#595311: openssh-client: untrusted X11 forwarding broken

Package: openssh-client
Version: 1:5.5p1-4
Severity: important

After upgrading my system to testing, X11 forwarding in ssh stopped
working. When trying to open a connection with untrusted X11 forwarding,
the following happens:

% ssh -X sirius6
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
% echo $DISPLAY
% xterm
Invalid MIT-MAGIC-COOKIE-1 keyxterm Xt error: Can't open display: localhost:10.0

However TRUSTED X11 forwarding (-Y) works as expected.

Debug output doesn't reveal anything, ssh is calling the correct xauth
binary, however somehow the remote side doesn't get a valid cookie.


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (650, 'testing'), (550, 'stable'), (120, 'unstable'), (99, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser               3.112              add and remove users and groups
ii  cdebconf [debconf-2.0 0.150              Debian Configuration Management Sy
ii  debconf [debconf-2.0] 1.5.35             Debian configuration management sy
ii  dpkg                   Debian package management system
ii  libc6                 2.11.2-2           Embedded GNU C Library: Shared lib
ii  libedit2              2.11-20080614-1    BSD editline and history libraries
ii  libgssapi-krb5-2      1.8.3+dfsg~beta1-1 MIT Kerberos runtime libraries - k
ii  libssl0.9.8           0.9.8o-2           SSL shared libraries
ii  passwd                1:        change and administer password and
ii  zlib1g                1:   compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.4-1  X authentication utility

Versions of packages openssh-client suggests:
ii  keychain                     2.6.8-2     key manager for OpenSSH
ii  ksshaskpass [ssh-askpass]    0.5.3-1     interactively prompt users for a p
pn  libpam-ssh                   <none>      (no description available)
ii  ssh-askpass                  1: under X, asks user for a passphras
ii  ssh-askpass-gnome [ssh-askpa 1:5.5p1-4   interactive X program to prompt us

-- no debconf information

Reply to: