SSH Xforwarding broken after patches rolled - "known issue" - but not for Solaris 8

From: Tim Chipman (tchipman@gmail.com)
Date: Tue Feb 05 2008 - 10:25:16 EST

• Next message: Beck, Joseph: "sun hardware inventory tool or cmds"
• Previous message: Monappallil, George: "Merging LDAP directories"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi All,

I have a Sparc Solaris8 (e250) which was patched last month
(~Jan-14-08) with all public (non-paying-sunsolve-support-user)
available patches for SolarisSparc (using the tool, "pca - patch check
advance). Since that time, xforwarding no longer works from this
system via SSH. (ie, in the past I would connect, ssh -X user@machine
- and have a functional xforwarding-via-ssh pipe back to my linux
desktop)

I note that there is an error message on the e250 machine now each
time this happens,

Feb 5 11:14:40 SERVERNAME sshd[1799]: [ID 800047 auth.error] error:
Failed to allocate internet-domain X11 display socket.

and a google search with this term brings up a number of hits
indicating this is a "known issue" on Solaris9 and Solaris10 machines
which were patched with patch ID 118305 - dating back to sometime in
2005. There is a sunsolve entry visible at the URL,

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101834-1

which discusses workarounds (don't use x-forwarding) or possibly
backing out the offending patch.

Alas, the sunsolve (and other) folks who saw this problem in ~2005
were all complaining on Sol9 and Sol10 boxes, and indicated (in
theory) that Solaris8 was not impacted.

I've already tried one workaround, attempting to force SSHD to start
up in ipv4 only mode (passing a -4 option to SSHD via the init.d/dir
startup script, and also via tweak in the sshd_config file to specify
an ipv4 format "listen" ip address explicitly). Alas this kludge
doesn't appear to work.

Even more fun, since my system doesn't report having patch 118305
present, I don't have the option of following the sun recommended fix
of backing out that patch and appliying a slightly more down-rev
version which doesn't have this problem.

If anyone has any thoughts on how to work around this issue, any
pointers are greatly appreciated.

Many thanks,

Tim Chipman
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Beck, Joseph: "sun hardware inventory tool or cmds"
• Previous message: Monappallil, George: "Merging LDAP directories"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:45 EDT