Bug#575725: openssh-server: sshd looks for /usr/bin/X11/xauth instead of /usr/bin/xauth
Package: openssh-server
Version: 1:5.3p1-3
Severity: important
Tags: patch
sshd is configured for /usr/bin/X11/xauth instead of
/usr/bin/xauth which is where it's installed. As a result X forwarding fails:
$ ssh -vvvv -X ttd 'echo x11 DISPLAY=$DISPLAY' 2>&1 | grep -E 'x11|xauth'
debug2: x11_get_proto: /usr/bin/X11/xauth list 16.1.1.169:0.0 2>/dev/null
debug2: channel 0: request x11-req confirm 0
debug1: Sending command: echo x11 DISPLAY=$DISPLAY
debug1: Remote: No xauth program; cannot forward with spoofing.
x11 DISPLAY=
There are two possible workarounds, both on the server:
1. make a symlink: cd /usr/bin; ln -s . X11
OR
2. add to /etc/ssh/sshd_config: XAuthLocation /usr/bin/xauth
Here is the patch against openssh-5.3p1/debian/rules:
--- debian/rules.usr-bin-xauth 2010-02-27 20:06:40.000000000 -0500
+++ debian/rules 2010-03-28 15:12:48.000000000 -0400
@@ -99,3 +99,3 @@
# The deb build wants xauth; the udeb build doesn't.
-confflags += --with-xauth=/usr/bin/X11/xauth
+confflags += --with-xauth=/usr/bin/xauth
confflags_udeb += --without-xauth
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-server depends on:
ii adduser 3.112 add and remove users and groups
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii dpkg 1.15.5.6 Debian package management system
ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.11-1 common error description library
ii libgssapi-krb5-2 1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries - k
ii libkrb5-3 1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries
ii libpam-modules 1.1.1-2 Pluggable Authentication Modules f
ii libpam-runtime 1.1.1-2 Runtime support for the PAM librar
ii libpam0g 1.1.1-2 Pluggable Authentication Modules l
ii libselinux1 2.0.89-4 SELinux runtime shared libraries
ii libssl0.9.8 0.9.8m-2 SSL shared libraries
ii libwrap0 7.6.q-18 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-client 1:5.3p1-3 secure shell (SSH) client, for sec
ii procps 1:3.2.8-8 /proc file system utilities
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages openssh-server recommends:
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.4-1 X authentication utility
Versions of packages openssh-server suggests:
pn molly-guard <none> (no description available)
pn rssh <none> (no description available)
pn ssh-askpass <none> (no description available)
pn ufw <none> (no description available)
-- debconf information:
* ssh/use_old_init_script: true
ssh/vulnerable_host_keys:
ssh/encrypted_host_key_but_no_keygen:
ssh/disable_cr_auth: false
Reply to: