Openssh 3.7.1 HPUX 11.x - X11 forwarding broken or misconfigured?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

This question seems quite FAQish and I'm mining the back posts in Google
etc but can't quite pin this down.

I upgraded an HPUX box's OpenSSH from a patched 3.0.x (where forwarding
was working)to 3.7.1 (where it's not).  It appears I have the requisite
X11 forwarding turned on in sshd_config: eg X11Forwarding yes.  Forwarding
from the client side (used in testing) is enabled as well.

The current observed behavior is DISPLAY's contents are set to
now instead ofthe old "actualhost...".  This is expected/correct behavior
and I've read about this security-related change.  I've also read on the
openSSH FAQ (item 3.12) with documents
certain forwarding problems with depending on X libs used etc.  ie certain
X clients cannot deal with the "localhost..." proxy.

It appears that one promising work-around (documented above) is to change
the sshd_config configurable "X11UseLocalhost no".  However, when I try
this (restarting the debug sshd server on alternate port), the DISPLAY
contents changes from "localhost..." to blank ie nada.  I was expecting
the older "host..." contents with this approach, but no cigar.

Any ventured guesses on whether the null DISPLAY is working-as-designed?

Are there other configurables I could be looking at?  Thanks.

Re: Openssh 3.7.1 HPUX 11.x - X11 forwarding broken or misconfigured?

Followup solution:

I was informed of a possible issue with HPUX's OS function getaddrinfo()
that might impact this. (kudos to Darren Tucker)

The suggested fix was to add:

#define BROKEN_GETADDRINFO 1   (placeholder is already there)

to config.h  and recompile.

This, in conjunction with the previous "X11UseLocalhost no" in
sshd_config, restored the old behavior of DISPLAY being set to
"server_host_IP:proxy...".  ie X11 forwarding is working again!

This is with HPUX 11.23.  The actual issue with getaddrinfo() is still
being investigated.  If anyone has already been down that road, I'd be
interested to find out more.


Site Timeline