debug1: Remote: No xauth program; cannot forward with spoofing.

Bug #582251 reported by arturj on 2010-05-18
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Undecided
Unassigned
Lucid
High
Unassigned

Bug Description

STABLE RELEASE UPDATE:

Impact: X forwarding is not usable after a fresh install of openssh-server, unless x11-common is also installed.

Development branch: Bug has been addressed by using /usr/bin/xauth rather than /usr/bin/X11/xauth. We used the /usr/bin/X11 symlink to smooth X's move to /usr/bin, but at some point xauth stopped depending on x11-common so this no longer automatically works, and X's move is a long time in the past now so we might as well just use the new path.

Patch: http://bazaar.launchpad.net/~cjwatson/ubuntu/lucid/openssh/lucid-proposed/revision/3201

TEST CASE: Install openssh-server on a fresh server install. From another machine running an X session, connect to it using 'ssh -X'. If and only if this bug is fixed, the DISPLAY environment variable should be set.

Regression potential: We should check that X forwarding still works, and that OpenSSH in general still seems to function normally.

Original bug report:

Fresh installation of a LUCID server (AMD64) has following major issue:

X11Forwarding does not work anymore. Running the ssh-client (again from Lucid Desktop) like this "ssh -v servername" throws:

...
debug1: Remote: No xauth program; cannot forward with spoofing.
...

Running "strings /usr/sbin/sshd |grep xauth" on the remote server shows that sshd is looking for xauth in this path:
/usr/bin/X11/xauth

But this does NOT exist until the package "x11-common" is installed.

Hint: Package "xauth" which is automatically installed by openssh-server has its binary in "/usr/bin".

Suggestion: SSHD should be fixed to look for xauth in the right directory or openss-server package should be fixed to depend on x11-common package instead xauth

There are many other X11-Forwarding bug reports - maybe related to this issue.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: openssh-server 1:5.3p1-3ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
Architecture: amd64
Date: Tue May 18 15:28:14 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
ProcEnviron:
 PATH=(custom, user)
 LANG=de_DE.utf8
 SHELL=/bin/bash
SourcePackage: openssh

arturj (arturj-freenet) wrote :
arturj (arturj-freenet) wrote :

In KARMIC xauth depends on x11-common, another solution to this.

Colin Watson (cjwatson) wrote :

The problem is that some people seem not to have a /usr/bin/X11 -> . symlink, though it's present on my Lucid installation so I'm not quite clear on what's going on. In any case, Maverick's OpenSSH packaging now uses /usr/bin/xauth instead (see bug 8440). There's a backport in https://launchpad.net/~cjwatson/+archive/openssh if you want.

Colin Watson (cjwatson) wrote :

Ah, yes, you're right that that symlink is shipped by x11-common. But in any case it's moot for Maverick, although it might be worth fixing that way for Lucid. I'll open a bug task for that.

Changed in openssh (Ubuntu):
status: New → Fix Released
Colin Watson (cjwatson) on 2010-05-18
description: updated
Changed in openssh (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → High

Accepted into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in openssh (Ubuntu Lucid):
status: Triaged → Fix Committed
tags: added: verification-needed

Tested in fresh ubuntu-server install (with the openssh-server task). After installing the version from lucid-proposed an .Xauthority file is now created and the DISPLAY variable is now set.

Martin Pitt (pitti) on 2010-06-09
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:5.3p1-3ubuntu4

---------------
openssh (1:5.3p1-3ubuntu4) lucid-proposed; urgency=low

  * Backport from trunk:
    - Hardcode the location of xauth to /usr/bin/xauth rather than
      /usr/bin/X11/xauth (thanks, Aron Griffis; LP: #582251). xauth no
      longer depends on x11-common, so we're no longer guaranteed to have
      the /usr/bin/X11 symlink available.
 -- Colin Watson <email address hidden> Tue, 18 May 2010 18:10:23 +0100

Changed in openssh (Ubuntu Lucid):
status: Fix Committed → Fix Released
tags: added: testcase
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers