Hi All, a quick summary. "Problem Solved". Many thanks to Dennis Clarke, Allan West, Christopher Barnard for their responses. So, the story so far .. -seems to be a problem with "older" builds of openssh, ie, a new build of OpenSSH (or a pre-rolled binary of a new version from a 3rd party source, such as blastwave) - should not exhibit this problem. Exact old vs new that do or don't exhibit the problem -- I haven't characterized exactly, sorry. -originally reported in 2005 as a problem on Solaris9 and 10, but now appears to be an issue on recent/fresh-patched Solaris8 machines also. I haven't found any mention of this on Sunsolve; maybe because Solaris 8 is EOL, and that no sun-supported OpenSSH was bundled in Solaris8 (?) -the workaround discussed online (not rolling back a patch, but instead forcing SSHD to run only in IPv4 mode) - does work properly when implemented right, ie, do both of these steps: (1) edit sshd_config and specify an IPv4 format IP address for the line, to read either ListenAddress XXX.XXX.XXX.XXX (real ip address of system) or ListenAddress 0.0.0.0 should do the trick, PLUS, (2) ensure sshd is started with a parameter passed to it, "-4", which forces IPv4 mode, ie, not including any kind of IPv6 mode (which is the default I gather?). Then stop/restart ssh daemon and test. One of the better (non-sun) links online I found was a discussion online at the URL, http://www.samag.com/documents/s=9915/sam0512i/0512i.htm >From the replies I have gotten, this was a "known problem" at no less than one other site. Hopefully this summary will help other folks in the future who might have this issue. Many thanks, ---Tim Chipman --------original posting below------------ I have a Sparc Solaris8 (e250) which was patched last month (~Jan-14-08) with all public (non-paying-sunsolve-support-user) available patches for SolarisSparc (using the tool, "pca - patch check advance). Since that time, xforwarding no longer works from this system via SSH. (ie, in the past I would connect, ssh -X user@machine - and have a functional xforwarding-via-ssh pipe back to my linux desktop) I note that there is an error message on the e250 machine now each time this happens, Feb 5 11:14:40 SERVERNAME sshd[1799]: [ID 800047 auth.error] error: Failed to allocate internet-domain X11 display socket. and a google search with this term brings up a number of hits indicating this is a "known issue" on Solaris9 and Solaris10 machines which were patched with patch ID 118305 - dating back to sometime in 2005. There is a sunsolve entry visible at the URL, http://sunsolve.sun.com/search/document.do?assetkey=1-26-101834-1 which discusses workarounds (don't use x-forwarding) or possibly backing out the offending patch. Alas, the sunsolve (and other) folks who saw this problem in ~2005 were all complaining on Sol9 and Sol10 boxes, and indicated (in theory) that Solaris8 was not impacted. I've already tried one workaround, attempting to force SSHD to start up in ipv4 only mode (passing a -4 option to SSHD via the init.d/dir startup script, and also via tweak in the sshd_config file to specify an ipv4 format "listen" ip address explicitly). Alas this kludge doesn't appear to work. [[HINDSIGHT COMMENT - try to avoid typos!]] Even more fun, since my system doesn't report having patch 118305 present, I don't have the option of following the sun recommended fix of backing out that patch and appliying a slightly more down-rev version which doesn't have this problem. If anyone has any thoughts on how to work around this issue, any pointers are greatly appreciated. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Feb 6 19:14:43 2008
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:10 EST