Solaris 9, 10 : Broken X11 Forwarding on IPv4-only Systems

Symptom

All Solaris 9 & 10 IPv4-only systems with the following ssh patches (or later) may prevent ssh from X forwarding.

126133-03 SunOS 5.10: sshd patch
126134-03 SunOS 5.10_x86: sshd patch
114356-14 SunOS 5.9: /usr/bin/ssh patch
114357-13 SunOS 5.9_x86: usr/bin/ssh patch

In other words, the users may not be able to bring up the graphical applications when connected remotely with the -X option of ssh. All such failed attempts will be recorded in the system log (/var/adm/messages) with an error message similar to the following:

sshd[882]: [ID 800047 auth.error] error: Failed to allocate internet-domain X11 display socket

Fix

There is no official fix available at this time. A bug, 6704823 Fix for 6684003 prevents ssh from X forwarding on IPv4-only system, was filed against Solaris/ssh; and the fix is in progress at the moment.


Work around

Suggested work arounds from the bug report (you just need one of 'em, not both):

1. Add lo0 for IPv6.
   
   eg.,
   

   # ifconfig lo0 inet6 plumb up

   
   And to make changes permanent, do:
   
   

   # touch /etc/hostname6.lo0

   
   
   
2. Disable IPv6 ssh support.
   
   Change ListenAddress to 0.0.0.0 in /etc/ssh/sshd_config; then restart sshd with -4 option.
   
   eg.,
   

   # svcadm -v disable ssh
# /usr/lib/ssh/sshd -4

_________________________
Technorati Tags:
Solaris | OpenSolaris