Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 732294 - net-misc/dropbear-2020.80 - X11 forwarding no longer working
Summary: net-misc/dropbear-2020.80 - X11 forwarding no longer working
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal normal (vote)
Assignee: Embedded Gentoo Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-11 20:36 UTC by Jochen Schlick
Modified: 2020-12-23 03:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jochen Schlick 2020-07-11 20:36:49 UTC
after update to 2020.80 X11-forwarding stops working (occurs on 5 different gentoo boxes)

ssh to a host shows:
X11 forwarding request failed on channel 1

also ssh -v shows  (nothing special - except that X11 forwarding fails)
...
debug1: Authentication succeeded (publickey).
Authenticated to 10.222.225.1 ([10.222.225.1]:22222).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: exec
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env COLORTERM = truecolor
debug1: Sending env LANGUAGE = 
debug1: Sending env LC_ADDRESS = de_DE.UTF-8
debug1: Sending env LC_NAME = de_DE.UTF-8
debug1: Sending env LC_MONETARY = de_DE.UTF-8
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_PAPER = de_DE.UTF-8
debug1: Sending env LC_IDENTIFICATION = en_US.UTF-8
debug1: Sending env LC_TELEPHONE = de_DE.UTF-8
debug1: Sending env LC_MESSAGES = en_US.UTF-8
debug1: Sending env LC_MEASUREMENT = de_DE.UTF-8
debug1: Sending env LC_CTYPE = en_US.UTF-8
debug1: Sending env LC_TIME = C
debug1: Sending env LC_ALL = 
debug1: Sending env LC_COLLATE = C
debug1: Sending env LC_NUMERIC = de_DE.UTF-8
X11 forwarding request failed on channel 0

emerging stable dropbear-2019.78 version and restarting it fixes the problem.
Comment 1 Sam James archtester gentoo-dev Security 2020-07-14 13:05:57 UTC
Could you try with net-misc/dropbear-2020.80-r1 (unlikely to fix, but possible), but failing that, report it upstream?
Comment 2 Jochen Schlick 2020-08-09 01:27:55 UTC
- r1 is also not working.
Comment 3 Sam James archtester gentoo-dev Security 2020-11-06 23:33:03 UTC
(In reply to Jochen Schlick from comment #2)
> - r1 is also not working.

Reported upstream?
Comment 4 Jochen Schlick 2020-12-22 22:08:50 UTC
bug fixing time due COVID-lockdown + Xmas holidays :-)

It's not working because X11 forwarding is disabled by default since June 2020

from CHANGES:
...
2020.79 - 15 June 2020
...
- CBC ciphers, 3DES, hmac-sha1-96, and x11 forwarding are now disabled by default.
  They can be set in localoptions.h if required.
  Blowfish has been removed.
...

####################

the localoptions.h contains (after src_prepare() step):
...
/* Enable X11 Forwarding - server only */
#define DROPBEAR_X11FWD 0
....

#####################

add the following line to the ebuild src_prepare() section

        -e '/DROPBEAR_X11FWD /s:0:1:' \

fixes this issue.



Am I the only one in gentoo using dropbear as full blown ssh server?
Comment 5 Sam James archtester gentoo-dev Security 2020-12-23 03:02:49 UTC
(In reply to Jochen Schlick from comment #4)
> bug fixing time due COVID-lockdown + Xmas holidays :-)
> 
> It's not working because X11 forwarding is disabled by default since June
> 2020
> 
> from CHANGES:
> ...
> 2020.79 - 15 June 2020
> ...
> - CBC ciphers, 3DES, hmac-sha1-96, and x11 forwarding are now disabled by
> default.
>   They can be set in localoptions.h if required.
>   Blowfish has been removed.
> ...
> 

Good catch. Maybe it would be better for you to use savedconfig instead?

> 
> Am I the only one in gentoo using dropbear as full blown ssh server?

I use dropbear as an emergency client/server. I'm bumping/helping with dropbear just so somebody is.