Bug 27086

Summary: OpenSSH does not set X11 forwarding
Product: Base System Reporter: Jin Guojun <jin>
Component: binAssignee: Brian Feldman <green>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.3-RELEASE   
Hardware: Any   
OS: Any   

Description Jin Guojun 2001-05-05 04:50:01 UTC 
	This is ssh client and sshd support to do:

	   X11 and TCP forwarding

     If the user is using X11 (the DISPLAY environment variable is set), the
     connection to the X11 display can be forwarded to the remote side in such
     a way that any X11 programs started from the shell (or command) will go
     through the encrypted channel, and the connection to the real X server
     will be made from the local machine.  The user should not manually set
     DISPLAY.  Forwarding of X11 connections weakens the security of ssh and
     is disabled by default.  X11 forwarding can be enabled on the command
     line or in configuration files.

     The DISPLAY value set by ssh will point to the server machine, but with a
     display number greater than zero.  This is normal, and happens because
     ssh creates a ``proxy'' X server on the server machine for forwarding the
     connections over the encrypted channel.

	---

	But when Open SSH client connects to a sshd (any, including Open sshd),
	the DISPLAY will not set up correctly (see below).

Fix: 

Do not know.
	It seems that OpenSSH client dose not provide correct tunneling info.
How-To-Repeat: 	# wrong X11 forwarding
	OpenSSH % ssh anySSHD-host
	anySSHD-host% printenv DISPLAY
	OpenSSH


	# correct X11 forwarding
	NormalSSH % ssh anySSHD-host
	anySSHD-host% printenv DISPLAY 
	NormalSSH:11.0
Comment 1 jlp 2001-05-05 05:50:43 UTC 
This is configurable.  Look at /etc/ssh/sshd_config for 
"X11Forwarding", set it to "yes".  Likewise, look in 
/etc/ssh/ssh_config for "ForwardX11", set it to "yes" as well.

As to why these are not the defaults, I haven't the slightest idea.

	-jan-
-- 
Jan L. Peterson         FlipDog.com                tel. +1 801 418 7815
Sr. Systems Admin       3210 N Canyon Rd, Ste 300  fax  +1 801 818 0879
jlp@flipdog.com         Provo, UT 84604            http://www.flipdog.com/
Comment 2 Kris Kennaway 2001-05-05 12:49:31 UTC 
On Fri, May 04, 2001 at 08:49:06PM -0700, Jin Guojun wrote:

> 	Do not know.
> 	It seems that OpenSSH client dose not provide correct tunneling info.

Well, did you enable the X11 forwarding in your ssh config file?  It's
disabled by default, as described in the manpage.

Kris
Comment 3 Jin Guojun 2001-05-06 18:02:38 UTC 
> >       Do not know.
> >       It seems that OpenSSH client dose not provide correct tunneling info.
> 
> Well, did you enable the X11 forwarding in your ssh config file?  It's
> disabled by default, as described in the manpage.

Thanks for this information. The manpage is conflict with the ssh_config file.
See the append output below. The ssh config file is a better place to look
the default information then manpage (super long), so please change the
ssh_config file description for the default value, then this case can be closed.

Thanks,

	-Jin


% cat /etc/ssh/ssh_config
...
# Site-wide defaults for various options

# Host *
#   ForwardAgent yes
#   ForwardX11 yes
#   RhostsAuthentication yes
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking no
#   IdentityFile ~/.ssh/identity
#   Port 22
#   Protocol 2,1
#   Cipher blowfish
#   EscapeChar ~
Comment 4 Kris Kennaway freebsd_committer freebsd_triage 2001-05-29 00:59:22 UTC 
Responsible Changed
From-To: freebsd-ports->green

green is the openssh maintainer
Comment 5 Brian Feldman freebsd_committer freebsd_triage 2003-07-13 05:20:07 UTC 
State Changed
From-To: open->closed

Fixed.