SUMMARY: All ports in use, but I don't think they are

From: Christopher L. Barnard <>
Date: Wed Dec 14 2005 - 14:57:27 EST
I am cc-ing this summary to the mailing
list, since I posed the question and got several suggestions from there
as well.

I asked

> I have several identically configured Solaris 9 servers running
> OpenSsh 4.2p1.  Some let me do X forwarding, some do not.  All have the
> ForwardX11 yes
> in the ssh_config file and
> X11Forwarding yes
> X11UseLocalhost no
> in the sshd_config file.  I have restarted ssh several times, so I am
> comfortable that the config files are being read.
> On servers that work, I ssh to them, start an X application like xclock,
> and it appears on my screen.  On servers that do not work, when I try to
> run an X application I am told
> Error: Can't open display:
> The .Xauthority in my homedir is *not* updated, btw.
> After many rounds of testing to try and figure out the problem, which
> involved running the daemon with three levels of debug (-ddd) I found
> the underlying problem:
> debug2: bind port 6260: Address already in use
> repeated 999 times, for the 999 ports from 6000 to 6999.  Then the msg
> Failed to allocate internet-domain X11 display socket.
> debug1: x11_create_display_inet failed.
> and I am ssh-ed in, but I do not have X.
> netstat, ps, ndd /dev/tcp tcp_status show that the server is busy, but
> not THAT busy.  There are about 200 ssh connections to the box, which
> is no where near the 999 ports for X forwarding.  I believe the port idle
> timeout on Solaris 9 boxes is 4 minutes, but I see no ports in TIME_WAIT
> anyway.
> Has anyone seen this before?  Do I need to somehow clean out connections to
> the X ports?  Is there a limit of some sort on this box that I am bumping
> against that I need to raise?  (ndd is powerful, but easy to misuse...)
> Thanks, and I will summarize.

The solution

Its a bug in the interaction between Solaris and with SSH over the
implementation of IPv6 network addresses.  I don't fully understand why
this is the case, but by starting the daemon with the -4 flag (only use
IPv4 addresses) X is forwarded just fine.

My thanks to many many folks on both the sunmanagers and secureshell lists
who suggested things to try.  I used lsof and although ssh was reporting that
all 999 X ports were in use, they actually were not.  The sunsolve document
points to some patches but were not the issue.  Thanks to Crist Clark who
pointed me to the IPv6 vs IPv4 bug.

| Christopher L. Barnard         O     When I was a boy I was told that |
|         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
|                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
sunmanagers mailing list
Received on Wed Dec 14 14:58:06 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:54 EST