SUMMARY: SSH Xforwarding broken after patches rolled - "known issue" - but not for Solaris 8

From: Tim Chipman <tchipman_at_gmail.com>
Date: Wed Feb 06 2008 - 19:14:22 EST
Hi All,

a quick summary. "Problem Solved".

Many thanks to Dennis Clarke, Allan West, Christopher Barnard for
their responses.

So, the story so far ..

-seems to be a problem with "older" builds of openssh, ie, a new build
of OpenSSH (or a pre-rolled binary of a new version from a 3rd party source,
such as blastwave) - should not exhibit this problem. Exact old vs new
that do or don't exhibit the problem -- I haven't characterized exactly, sorry.

-originally reported in 2005 as a problem on Solaris9 and 10, but now
appears to be an issue on recent/fresh-patched Solaris8 machines also.
I haven't found any mention of this on Sunsolve; maybe because Solaris 8
is EOL, and that no sun-supported OpenSSH was bundled in Solaris8 (?)

-the workaround discussed online (not rolling back a patch, but instead
forcing SSHD to run only in IPv4 mode) - does work properly when implemented
right, ie, do both of these steps:

(1) edit sshd_config and specify an IPv4 format IP address for the line,
to read either

ListenAddress XXX.XXX.XXX.XXX (real ip address of system)

or

ListenAddress 0.0.0.0

should do the trick, PLUS,

(2) ensure sshd is started with a parameter passed to it, "-4", which
forces IPv4 mode, ie, not including any kind of IPv6 mode (which is the
default I gather?). Then stop/restart ssh daemon and test.

One of the better (non-sun) links online I found was a discussion
online at the URL,

http://www.samag.com/documents/s=9915/sam0512i/0512i.htm


From the replies I have gotten, this was a "known problem" at no less
than one other site.

Hopefully this summary will help other folks in the future who might
have this issue.


Many thanks,

---Tim Chipman


--------original posting below------------

I have a Sparc Solaris8 (e250) which was patched last month
(~Jan-14-08) with all public (non-paying-sunsolve-support-user)
available patches for SolarisSparc (using the tool, "pca - patch check
advance").  Since that time, xforwarding no longer works from this
system via SSH.  (ie, in the past I would connect, ssh -X user@machine
- and have a functional xforwarding-via-ssh pipe back to my linux
desktop)

I note that there is an error message on the e250 machine now each
time this happens,

Feb  5 11:14:40 SERVERNAME sshd[1799]: [ID 800047 auth.error] error: Failed to allocate internet-domain X11 display socket.

and a google search with this term brings up a number of hits
indicating this is a "known issue" on Solaris9 and Solaris10 machines
which were patched with patch ID 118305 - dating back to sometime in
2005.  There is a sunsolve entry visible at the URL,

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101834-1

which discusses workarounds (don't use x-forwarding) or possibly
backing out the offending patch.

Alas, the sunsolve (and other) folks who saw this problem in ~2005
were all complaining on Sol9 and Sol10 boxes, and indicated (in
theory) that Solaris8 was not impacted.

I've already tried one workaround, attempting to force SSHD to start
up in ipv4 only mode (passing a -4 option to SSHD via the init.d/dir
startup script, and also via tweak in the sshd_config file to specify
an ipv4 format "listen" ip address explicitly).  Alas this kludge
doesn't appear to work. [[HINDSIGHT COMMENT - try to avoid typos!]]

Even more fun, since my system doesn't report having patch 118305
present, I don't have the option of following the sun recommended fix
of backing out that patch and applying a slightly more down-rev
version which doesn't have this problem.

If anyone has any thoughts on how to work around this issue, any
pointers are greatly appreciated.
Received on Wed Feb 6 19:14:43 2008
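
The two-step workaround from the summary, written as a check that catches the kind of typo that made the first attempt fail. This is an added example, not part of the original post; the function names and the file paths passed in are hypothetical.

```sh
#!/bin/sh
# Added example: verifies both steps of the IPv4-only sshd workaround.
# Function names and the file paths passed in are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# check_ipv4_workaround SSHD_CONFIG STARTUP_SCRIPT
# Returns 0 only when step (1) and step (2) are both in place.
check_ipv4_workaround() {
    cfg=$1 init=$2 rc=0

    # Step 1: every active ListenAddress must be an IPv4 literal.
    # Keywords in sshd_config are case-insensitive; commented lines are
    # skipped because their first field starts with '#'.
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$cfg")
    if [ -z "$addrs" ]; then
        echo "FAIL: no active ListenAddress line in $cfg"
        rc=1
    fi
    for a in $addrs; do
        host=${a%:*}    # drop an optional :port suffix
        if ! is_ipv4 "$host"; then
            echo "FAIL: ListenAddress '$a' is not an IPv4 address"
            rc=1
        fi
    done

    # Step 2: the startup script must launch sshd with -4 as its own argument.
    if ! grep -v '^[[:space:]]*#' "$init" |
         grep -Eq 'sshd[^#]*[[:space:]]-4([[:space:]]|$)'; then
        echo "FAIL: $init does not start sshd with -4"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: sshd is configured for IPv4 only"
    return "$rc"
}
```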
