Bug#595311: openssh-client: untrusted X11 forwarding broken

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#595311: openssh-client: untrusted X11 forwarding broken
From: Andreas Ferber <af+debian-bugregports@chaos-agency.de>
Date: Fri, 03 Sep 2010 00:02:50 +0200
Message-id: <[🔎] 20100902220250.4310.12732.reportbug@xena.hq.chaos-agency.de>
Reply-to: Andreas Ferber <af+debian-bugregports@chaos-agency.de>, 595311@bugs.debian.org

Package: openssh-client
Version: 1:5.5p1-4
Severity: important

After upgrading my system to testing, X11 forwarding in ssh stopped
working. When trying to open a connection with untrusted X11 forwarding,
the following happens:

-----------
% ssh -X sirius6
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
% echo $DISPLAY
localhost:10.0
% xterm
Invalid MIT-MAGIC-COOKIE-1 keyxterm Xt error: Can't open display: localhost:10.0
-----------

However TRUSTED X11 forwarding (-Y) works as expected.

Debug output doesn't reveal anything, ssh is calling the correct xauth
binary, however somehow the remote side doesn't get a valid cookie.

Andreas

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (650, 'testing'), (550, 'stable'), (120, 'unstable'), (99, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser               3.112              add and remove users and groups
ii  cdebconf [debconf-2.0 0.150              Debian Configuration Management Sy
ii  debconf [debconf-2.0] 1.5.35             Debian configuration management sy
ii  dpkg                  1.15.7.2           Debian package management system
ii  libc6                 2.11.2-2           Embedded GNU C Library: Shared lib
ii  libedit2              2.11-20080614-1    BSD editline and history libraries
ii  libgssapi-krb5-2      1.8.3+dfsg~beta1-1 MIT Kerberos runtime libraries - k
ii  libssl0.9.8           0.9.8o-2           SSL shared libraries
ii  passwd                1:4.1.4.2-1        change and administer password and
ii  zlib1g                1:1.2.3.4.dfsg-3   compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.4-1  X authentication utility

Versions of packages openssh-client suggests:
ii  keychain                     2.6.8-2     key manager for OpenSSH
ii  ksshaskpass [ssh-askpass]    0.5.3-1     interactively prompt users for a p
pn  libpam-ssh                   <none>      (no description available)
ii  ssh-askpass                  1:1.2.4.1-9 under X, asks user for a passphras
ii  ssh-askpass-gnome [ssh-askpa 1:5.5p1-4   interactive X program to prompt us

-- no debconf information

Reply to:

Next by Date: Processed: tagging 553675
Next by thread: Processed: tagging 553675
Index(es):
- Date
- Thread