no longer honors X11 forwarding

On Mon, Sep 03, 2007 at 07:55:41AM -0000, Martin-Éric Racine wrote:
> When connecting to this Gutsy host, the DISPLAY environment variable
> is empty, which obviously means that X11 forwarding will fail. This
> wasn't the case until a few days ago.

Are you sure X11 forwarding is enabled? Check:

sudo grep X11Forwarding /etc/ssh/sshd_config

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

Yup, it most definitely is:

$ sudo grep X11Forwarding /etc/ssh/sshd_config
[sudo] password for q-funk:
X11Forwarding yes

On Mon, Sep 03, 2007 at 08:46:30AM -0000, Martin-Éric Racine wrote:
> Yup, it most definitely is:
>
> $ sudo grep X11Forwarding /etc/ssh/sshd_config
> [sudo] password for q-funk:
> X11Forwarding yes

Is xauth installed on the gutsy server?

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

ii openssh-server 1:4.6p1-5 secure shell server, an rshd replacement
ii xauth 1:1.0.2-0ubuntu1 X authentication utility

That's odd. It works fine here. What's the client?

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

ii openssh-client 4.3p2-9 Secure shell client, an rlogin/rsh/rcp replacement

Same here
ssh from gutsy -> gutsy
X11Forwarding on

debug even prints:
debug1: Requesting X11 forwarding with authentication spoofing.

in auth.log
Sep 23 13:59:36 (none) sshd[7149]: error: Failed to allocate internet-domain X11 display socket.

I've just had this same problem on a fresh install of Gutsy. The solution was to install xbase-clients, which is suggested by openssh-server.

Hope this helps.

No, it doesn't. I already have that installed:

xbase-clients 1:7.2-5ubuntu13
 xauth 1:1.0.2-0ubuntu1

What is the command line used to connect to the server ? Could you try connecting with "ssh -X" ?

$ ssh -X lumen
Viimeinen kirjautuminen: pe loka 26 22:07:06 EEST 2007 koneelta yonix.lan päätteellä pts/0
Linux lumen 2.6.22-14-generic #1 SMP Sun Oct 14 23:05:12 GMT 2007 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
$ env | grep DISPLAY
$

Can you please attach the output when connecting with 'ssh -v -X'

$ ssh -v -X lumen
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /home/q-funk/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to lumen [172.16.1.17] port 22.
debug1: Connection established.
debug1: identity file /home/q-funk/.ssh/identity type -1
debug1: identity file /home/q-funk/.ssh/id_rsa type -1
debug1: identity file /home/q-funk/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1 Debian-5build1
debug1: match: OpenSSH_4.6p1 Debian-5build1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 <email address hidden>
debug1: kex: client->server aes128-cbc hmac-md5 <email address hidden>
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'lumen' is known and matches the RSA host key.
debug1: Found key in /home/q-funk/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/q-funk/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = fi_FI.UTF-8
Linux lumen 2.6.22-14-generic #1 SMP Sun Oct 14 23:05:12 GMT 2007 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Last login: Fri Oct 26 23:39:15 2007 from yonix.lan
$

I have a fresh install of Gutsy with fixed IP address and the above symptoms.

What happens? sshd tries to bind forwarded X connection to 127.0.0.1:601*. The binding process fails because there is no IP address 127.0.0.1 available. When investigating matter, I found out that my loopback (lo) interface did not have any IP address.

So, what ip addr show lo says?

It looks like the /etc/network/interfaces misses iface lo stanza in default install (but it is there in the upgraded installations).

Perhaps problem is because NetworkManager fails to set "lo" up?

I concur with Pekka.

Here, doing "ip addr" or "ifconfig" indeed reported that lo has no IP, so I inspected /etc/network/interfaces and, sure enough, there was no stanza for the lo interface. Having fixed this and rebooted, everything seems back to normal. Kiitoksia, Pekka!

Note that, for some odd reason, X11 forwarding seems to be disabled in /etc/ssh/ssh_config by default, on recent installs. Once that was enabled too, life returned to normal. Hurray!

1) ssh -Y <hostname> switches x-forwarding on. I have no problems with that in any of the new releases of ubuntu.

Is this problem still occurring and if so does ssh -Y solve it?

Thanks

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

try to enable the loopback interface. its solves the problem for me.

i add:

# The loopback network interface
auto lo
iface lo inet loopback

to /etc/network/interfaces

Got something similar in Lucid.
"error: Failed to allocate internet-domain X11 display socket" on the server (while in debug mode).

further debug showed:

...
debug2: bind port 6679: Cannot assign requested address
debug2: bind port 6680: Cannot assign requested address
debug2: bind port 6681: Cannot assign requested address
...

It had to do with IPv6.
I just had to add -4 to SSHD_OPTS in /etc/default/ssh (on the server) and restart sshd, it's all fine now.

Have the same problem in Lucid, and adding "-4" to SSHD_OPTS in /etc/default/ssh works like a charm.
I had IPv6 disabled before I did played with X11 forwarding: http://www.webupd8.org/2010/05/how-to-disable-ipv6-in-ubuntu-1004.html
So probably this was a root cause of my problems.

Had the same problem, but adding "-4" to SSHD_OPTIONS didn't solved, maybe because I couldn't properly reinitialize sshd.

Had to reenable IPv6 with

sudo sysctl net.ipv6.conf.all.disable_ipv6=0

Another way to get to work with disabled ipv6 add one option in the sshd configuration:

AddressFamily inet