X11 forwarding via ssh not releasing ports in timely manner with IPv4 and IPv6 enabled

Bug #25528 reported by Simon P. Ditner on 2005-11-09
16
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Medium
Colin Watson

Bug Description

I installed LTSP, as per https://wiki.ubuntu.com/LTSPHowTo

After logging out of an LTSP X session, the login screen would come back up --
but I found that if you attempted to log back in, you would be sent right back
to the login screen unless you waited about 5 minutes.

On the server side, I saw that the ssh session was being broken almost as soon
as it was created. I enabled debugging on the sshd daemon with -ddd, and noticed
the following in sshd's debug output:

debug6762: bind port 6010: Address already in use

A usenet post suggested that this can be caused by having IPv6 support enabled
in sshd, which I disabled by appending "AddressFamily inet" to
/etc/ssh/sshd_config, and the problem no longer occurs.

Sorry, that should be https://wiki.ubuntu.com/ThinClientHowto

(In reply to comment #0)
> I installed LTSP, as per https://wiki.ubuntu.com/LTSPHowTo
>
> After logging out of an LTSP X session, the login screen would come back up --
> but I found that if you attempted to log back in, you would be sent right back
> to the login screen unless you waited about 5 minutes.
>
> On the server side, I saw that the ssh session was being broken almost as soon
> as it was created. I enabled debugging on the sshd daemon with -ddd, and noticed
> the following in sshd's debug output:
>
> debug6762: bind port 6010: Address already in use
>
> A usenet post suggested that this can be caused by having IPv6 support enabled
> in sshd, which I disabled by appending "AddressFamily inet" to
> /etc/ssh/sshd_config, and the problem no longer occurs.

Colin Watson (cjwatson) wrote :

My suspicion (at a quick glance) is that this is because we don't set the
SO_REUSEADDR socket option when creating X11 inet-domain sockets.

Colin Watson (cjwatson) wrote :

<Kamion> ogra: is it possible to get the remote end to close the X11 forwarding
channel first, rather than killing sshd? I'm pretty sure that would solve the
problem
<Kamion> ogra: see http://hea-www.harvard.edu/~fine/Tech/addrinuse.html
<Kamion> ogra: basically the problem is that if you kill the server, it has to
send the first TCP FIN, which means that it ends up sitting in TIME_WAIT for two
minutes
<Kamion> though quite why it's apparently stopping at the first port it tries
(6010) rather than continuing and trying the next one, I'm not quite sure
<ogra> lets see... at least i can confirm that problem is gone with setting this
option...
<Kamion> which option?
<ogra> limiting sshd to ipv4
<ogra> (AddressFamily inet)
<Kamion> hmm, it used to be that X11 forwarding sockets only worked on IPv4,
IIRC; if that's still true, it could mean that it's falling back from IPv4 to
IPv6 (rather than to the next IPv4 port) and then falling over somehow

Could you show me the five lines or so from the 'sshd -ddd' output immediately
after "debug6762: bind port 6010: Address already in use", please?

Oliver Grawert (ogra) wrote :

*** Bug 21467 has been marked as a duplicate of this bug. ***

(In reply to comment #3)
debug6762: bind port 6010: Address already in use
debug6762: fd 8 setting O_NONBLOCK
debug6763: fd 8 is O_NONBLOCK
debug6761: channel 1: new [X11 inet listener]
debug6761: server_input_channel_req: channel 0 request exec reply 0
debug6761: session_by_channel: session 0 channel 0
debug6761: session_input_channel_req: session 0 req exec

Colin Watson (cjwatson) wrote :

This looks like http://bugzilla.mindrot.org/show_bug.cgi?id=1076, fixed upstream in OpenSSH 4.3.

Colin Watson (cjwatson) wrote :

openssh (1:4.2p1-7ubuntu2) dapper; urgency=low

  * Backport from OpenSSH 4.3 (closes: Malone #25528):
    - Set SO_REUSEADDR on X11 listeners to avoid problems caused by
      lingering sockets from previous session (X11 applications can
      sometimes not connect to 127.0.0.1:60xx).

 -- Colin Watson <email address hidden> Fri, 12 May 2006 13:27:01 +0100

Changed in openssh:
status: Needs Info → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.