From jin@iss-p1.lbl.gov  Fri May  4 20:49:08 2001
Return-Path: <jin@iss-p1.lbl.gov>
Received: from iss-p1.lbl.gov (iss-p1.lbl.gov [131.243.2.47])
	by hub.freebsd.org (Postfix) with ESMTP id C01A437B423
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  4 May 2001 20:49:07 -0700 (PDT)
	(envelope-from jin@iss-p1.lbl.gov)
Received: (from jin@localhost)
	by iss-p1.lbl.gov (8.11.3/8.11.3) id f453n6c00943;
	Fri, 4 May 2001 20:49:06 -0700 (PDT)
	(envelope-from jin)
Message-Id: <200105050349.f453n6c00943@iss-p1.lbl.gov>
Date: Fri, 4 May 2001 20:49:06 -0700 (PDT)
From: Jin Guojun (DSD staff) <jin@iss-p1.lbl.gov>
Reply-To: j_guojun@lbl.gov
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: OpenSSH does not set X11 forwarding
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         27086
>Category:       bin
>Synopsis:       OpenSSH does not set X11 forwarding
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    green
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 04 20:50:01 PDT 2001
>Closed-Date:    Sat Jul 12 21:21:08 PDT 2003
>Last-Modified:  Sun Mar 17 00:44:06 UTC 2013
>Originator:     
>Release:        FreeBSD 4.3-RELEASE i386
>Organization:
>Environment:
System: FreeBSD iss-p1.lbl.gov 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Wed May 2 11:12:43 PDT 2001 root@iss-p1.lbl.gov:/usr/src/sys/compile/MinMax i386


	OpenSSH client

>Description:

	This is ssh client and sshd support to do:

	   X11 and TCP forwarding

     If the user is using X11 (the DISPLAY environment variable is set), the
     connection to the X11 display can be forwarded to the remote side in such
     a way that any X11 programs started from the shell (or command) will go
     through the encrypted channel, and the connection to the real X server
     will be made from the local machine.  The user should not manually set
     DISPLAY.  Forwarding of X11 connections weakens the security of ssh and
     is disabled by default.  X11 forwarding can be enabled on the command
     line or in configuration files.

     The DISPLAY value set by ssh will point to the server machine, but with a
     display number greater than zero.  This is normal, and happens because
     ssh creates a ``proxy'' X server on the server machine for forwarding the
     connections over the encrypted channel.

	---

	But when Open SSH client connects to a sshd (any, including Open sshd),
	the DISPLAY will not set up correctly (see below).

>How-To-Repeat:
	# wrong X11 forwarding
	OpenSSH % ssh anySSHD-host
	anySSHD-host% printenv DISPLAY
	OpenSSH


	# correct X11 forwarding
	NormalSSH % ssh anySSHD-host
	anySSHD-host% printenv DISPLAY 
	NormalSSH:11.0

>Fix:

	Do not know.
	It seems that OpenSSH client dose not provide correct tunneling info.
>Release-Note:
>Audit-Trail:

From: "Jan L. Peterson" <jlp@flipdog.com>
To: j_guojun@lbl.gov
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: ports/27086: OpenSSH does not set X11 forwarding 
Date: Fri, 04 May 2001 22:50:43 -0600

 This is configurable.  Look at /etc/ssh/sshd_config for 
 "X11Forwarding", set it to "yes".  Likewise, look in 
 /etc/ssh/ssh_config for "ForwardX11", set it to "yes" as well.
 
 As to why these are not the defaults, I haven't the slightest idea.
 
 	-jan-
 -- 
 Jan L. Peterson         FlipDog.com                tel. +1 801 418 7815
 Sr. Systems Admin       3210 N Canyon Rd, Ste 300  fax  +1 801 818 0879
 jlp@flipdog.com         Provo, UT 84604            http://www.flipdog.com/
 
 

From: Kris Kennaway <kris@obsecurity.org>
To: j_guojun@lbl.gov
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/27086: OpenSSH does not set X11 forwarding
Date: Sat, 5 May 2001 04:49:31 -0700

 --s2ZSL+KKDSLx8OML
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 On Fri, May 04, 2001 at 08:49:06PM -0700, Jin Guojun wrote:
 
 > 	Do not know.
 > 	It seems that OpenSSH client dose not provide correct tunneling info.
 
 Well, did you enable the X11 forwarding in your ssh config file?  It's
 disabled by default, as described in the manpage.
 
 Kris
 
 --s2ZSL+KKDSLx8OML
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.5 (FreeBSD)
 Comment: For info see http://www.gnupg.org
 
 iD8DBQE68+jKWry0BWjoQKURArtlAKDLr5UpsQCysQZ1AsyQxwiwjlO5qgCgmk0m
 blRdnBZ1UkOj6ertIFlyP2w=
 =EVTE
 -----END PGP SIGNATURE-----
 
 --s2ZSL+KKDSLx8OML--

From: Jin Guojun (DSD staff) <jin@george.lbl.gov>
To: jlp@flipdog.com, kris@obsecurity.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/27086: OpenSSH does not set X11 forwarding
Date: Sun, 6 May 2001 10:02:38 -0700 (PDT)

 > >       Do not know.
 > >       It seems that OpenSSH client dose not provide correct tunneling info.
 > 
 > Well, did you enable the X11 forwarding in your ssh config file?  It's
 > disabled by default, as described in the manpage.
 
 Thanks for this information. The manpage is conflict with the ssh_config file.
 See the append output below. The ssh config file is a better place to look
 the default information then manpage (super long), so please change the
 ssh_config file description for the default value, then this case can be closed.
 
 Thanks,
 
 	-Jin
 
 
 % cat /etc/ssh/ssh_config
 ...
 # Site-wide defaults for various options
 
 # Host *
 #   ForwardAgent yes
 #   ForwardX11 yes
 #   RhostsAuthentication yes
 #   RhostsRSAAuthentication yes
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
 #   FallBackToRsh no
 #   UseRsh no
 #   BatchMode no
 #   CheckHostIP yes
 #   StrictHostKeyChecking no
 #   IdentityFile ~/.ssh/identity
 #   Port 22
 #   Protocol 2,1
 #   Cipher blowfish
 #   EscapeChar ~
 
Responsible-Changed-From-To: freebsd-ports->green 
Responsible-Changed-By: kris 
Responsible-Changed-When: Mon May 28 16:59:22 PDT 2001 
Responsible-Changed-Why:  
green is the openssh maintainer 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27086 
State-Changed-From-To: open->closed 
State-Changed-By: green 
State-Changed-When: Sat Jul 12 21:20:07 PDT 2003 
State-Changed-Why:  
Fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=27086 
>Unformatted:
