The following syslog message is generated on the server,
sshd[1433]: [ID 800047 auth.error] error: Failed to allocate internet-domain
X11 display socket.
Is anyone else having this problem?
Thanks.
I fear the patches introducing a known bug from openssh. You can prove
an see the reason, when you start sshd in debug modus: it tries to open
several hundreds unix-sockets til it reaches a limit.
I was just about to post a message saying exactly the same thing.
126134-03 on an AMD64 machine, connected from a Mac OS X machine.
So you are not alone.
A bientot
Paul
--
Paul Floyd http://paulf.free.fr
Same here. I noticed the following:
1) It does not happen on a machine that has IPv6 installed (though I
have only one of those, might be coincidence)
2) I can work around it by setting
X11UseLocalhost no
in /etc/ssh/sshd_config.
Hope this helps,
Frank.
After smpatch update on a couple of Solaris 10 machines (sparc) I am
seeing the exact same behaviour. Adding inet6 interfaces makes things
work. Other machines that have been smpatch update'd do, however,
forward X11 fine. They almost certainly got an interim update more
recently than the broken ones.
hth
t
bug 6704823
http://bugs.opensolaris.org/view_bug.do?bug_id=6704823
Description:
Looks like the fix for CR 6684003 breaks sshd's ability to bind to a local
socket for X forwarding. bind() returns EADDRNOTAVAIL for every bind call to ::1
for ports 6010->6999, but never tries IPv4 localhost addresses.
Workaround:
Add lo0 for IPv6:
# ifconfig lo0 inet6 plumb up
please try -4 option for ssh. I think that should be enough, without the need of
root privileges to create a loopback with IPv6 address.
"-4" does for client, what "AddressFamily inet" does for server, cohersing
IPv4. Seems silly not to first try same (v4/v6) for X-forwarding as that
used for connection.
My version of ssh (Sun_SSH_1.1) does not have this keyword. S10 11/06.
Well I tried both and:
if I do ssh -4vAX remotehost
I do not get the display
if on the remote host I touch hostname6.lo0 I get the remote display.
I wonder why the -4 works in some cases and not others?
If you have a support contract open a case with Sun, there is a
IDR available which solves the issue.
Regards,
Frank
As the bug was introduced by patch 126133-03, consider just backing it
out. Obviously be aware that this patch fixes a security vulnerability
(CVE-2008-1483). 126133-04 also has the bug.
Cheers,
Chris
and 122300 on solaris 9 also has it. My preferred solution is to add:
X11UseLocalHost no
into /etc/ssh/sshd_config and restart sshd.
>
> Cheers,
>
> Chris
>
--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford
------------ And now a word from our sponsor ------------------
For a quality usenet news server, try DNEWS, easy to install,
fast, efficient and reliable. For home servers or carrier class
installations with millions of users it will allow you to grow!
---- See http://netwinsite.com/sponsor/sponsor_dnews.htm ----
I was looking at this last night and today on my server at home. My server
has 126133-04 installed. I researched and found that you could remove
patches 126133-04 and 126133-03. I didn't try this. I instead chose to
modify "/lib/svc/method/sshd" and change the line "/usr/lib/ssh/sshd" to
"/usr/lib/ssh/sshd -4". I had to change "/etc/ssh/sshd_config" and comment
out "ListenAddress ::" and uncomment "ListenAddress 0.0.0.0" and execute
"svcadm disable ssh;svcadm enable ssh".
We did the same thing but had to find out that some patches
re-installed the original sshd starup-method so you may wanna
check after applying patches or patch-clusters
Thomas
-----------------------------------------------------------------
GPG fingerprint: B1 EE D2 39 2C 82 26 DA A5 4D E0 50 35 75 9E ED
.. or install patches with pca and its "--safe" option, which will check
for locally modified files before installing a patch.
mp.
--
SysAdmin | Institute of Scientific Computing, University of Vienna
PCA | Analyze, download and install patches for Solaris
| http://www.par.univie.ac.at/solaris/pca/