Bug#963202: ssh: ExitOnForwardFailure and X forwarding

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#963202: ssh: ExitOnForwardFailure and X forwarding
From: Jan Braun <janbraun@gmx.de>
Date: Sat, 20 Jun 2020 14:43:11 +0200
Message-id: <[🔎] 20200620124311.GA17044@klumpi.ignorelist.com>
Reply-to: Jan Braun <janbraun@gmx.de>, 963202@bugs.debian.org

Package: openssh-client
Version: 1:8.3p1-1
Severity: minor

Dear Maintainer,

The ExitOnForwardFailure ssh(1) option is apparently not considering a
failed X forwarding:

| user@host:~$ /usr/bin/ssh -X otheruser@localhost -o "exitonforwardfailure yes"
| X11 forwarding request failed on channel 0
| Linux host 5.6.0-2-amd64 #1 SMP Debian 5.6.14-1 (2020-05-23) x86_64
| Last login: Sat Jun 20 13:54:56 2020 from 127.0.0.1
| otheruser@host:~$ echo $DISPLAY
| 
| otheruser@host:~$ 

The manpage says "if it cannot set up all requested dynamic, tunnel,
local, and remote port forwardings", thus not mentioning X forwarding
either way. I *think* ssh used to abort under these circumstances a long
time ago, but can't be sure I remember correctly.
In any case, I find the behaviour unhelpful and unintuitive. It caused
me quite a bit of avoidable bug-chasing (the X client failing without a
proper diagnostic didn't help, obviously).

You may obviously argue "working as intended". Then please consider this
a wishlist request for a "ExitOnXForwardFailure" option. (And ideally
renaming of "ExitOnForwardFailure" to "ExitOnPortForwardFailure")

Thank you for maintaining openssh,
    Jan

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (650, 'testing-debug'), (550, 'unstable-debug'), (550, 'unstable'), (10, 'experimental-debug'), (10, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.118
ii  dpkg              1.19.7
ii  libc6             2.30-8
ii  libedit2          3.1-20191231-1
ii  libfido2-1        1.4.0-2
ii  libgssapi-krb5-2  1.17-10
ii  libselinux1       3.0-1+b3
ii  libssl1.1         1.1.1g-1
ii  passwd            1:4.8.1-1
ii  zlib1g            1:1.2.11.dfsg-2

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.10-1

Versions of packages openssh-client suggests:
pn  keychain                              <none>
pn  libpam-ssh                            <none>
pn  monkeysphere                          <none>
ii  ssh-askpass-fullscreen [ssh-askpass]  0.3-3.1+b2

-- no debconf information

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: ☝✪☝ Waarschuwing : werking printer mogelijks in gevaar! ☝✪☝
Next by Date: Authentication failure yunohost 3.8
Previous by thread: ☝✪☝ Waarschuwing : werking printer mogelijks in gevaar! ☝✪☝
Next by thread: Authentication failure yunohost 3.8
Index(es):
- Date
- Thread