Bug#764608: patch for X11 forwarding when pam_namespace.so is used on SSH client
Package: openssh-client
Severity: normal
Version: 6.7
Tags: patch
I just checked debian/changelog and the 6.7 release announcement. The following issue hasn't been addressed yet in Debian, nor by upstream.
If on the SSH client side a session is running with pam_namespace.so in use, it is impossible to do X11 port forwarding. The ssh client tries to connect to /tmp/.X11-unix/X<displayport> which is out of reach with pam_namespace sessions.
Instead, ssh client should connect the X11 forwarding end point to the X11 socket in kernel namespace (@/tmp/.X11-unix/X<displayport>).
A patch is available in the Fedora OpenSSH package [1].
Greets,
Mike
[1] http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-5.5p1-x11.patch
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976148
GnuPG Key ID 0x25771B13
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Reply to: