Package: ssh Version: 1:3.8.1p1-8.sarge.4 Severity: normal
ssh is incompatible with lbxproxy: perl script below shows the problem. Ssh wants to be secure, and spoofs the X authentication cookie; then on incoming (forwarded) X requests, it tries to replace the fake info with the saved (real) data. This works some (most?) of the time, but does not work when using lbxproxy. Seems that lbxproxy sends the cookie in a way that is not seen/detected by ssh. Ssh should be made compatible with lbxproxy, either by making it capable of doing the X authentication cookie replacement in that case also, or at least by providing an option to leave the authentication data alone, un-spoofed. (Not really related to Bug#57116.) Thanks, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia #!/usr/bin/perl -w -- $d = $ENV{DISPLAY}; $u = 77; # Anything unused mysystem( "lbxproxy :$u -terminate &" ); sleep 1; mysystem( "xauth list" ); $c = `xauth list $d`; $c =~ s/.*MIT-MAGIC-COOKIE-1 +//; chomp $c; $k = $c; #$k = 'f72f52dad34218a911bc34fb774b9acc'; print " Should not use cookie $c found above, but should instead use that shown by xauth back on originating machine. \n" if $k eq $c; mysystem( "xauth add :$u . $k" ); mysystem( "xauth list" ); mysystem( "xterm -display :$u" ); mysystem( "xauth remove :$u" ); # The differing cookies are due to ssh.c using # x11_request_forwarding_with_spoofing() # which could be "fixed up" by # x11_open_helper() # (both functions defined in channels.c). # Seems that lbxproxy sends the auth info in a way that is not # detected by ssh, so it does not get a chance to fix up: maybe # because ssh tries the replacement at channel open time only? sub mysystem { ( $x ) = @_; print "Doing $x ...\n"; system $x; } -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-spm0.9 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages ssh depends on: ii adduser 3.63 Add and remove users and groups ii debconf 1.4.30.13 Debian configuration management sy ii dpkg 1.10.28 Package maintenance system for Deb ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libpam-modules 0.76-22 Pluggable Authentication Modules f ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
