Bug#808158: avahi-discovered address passed to ssh as name, bites with v4+6 mdns

chrysn chrysn at fsfe.org
Wed Dec 16 16:19:36 UTC 2015

Package: gvfs-backends
Version: 1.26.2-1
Severity: normal
File: /usr/lib/gvfs/gvfsd-sftp

if an ipv4-only ssh server (eg. primitive ftpd[1]) announces its presence
to a client that has the mdns / mdns_minimal module in its nsswitch (not
the more common mdns4 / mdns4_minimal which limits .local name
resolution to ipv4), and a user tries to mount the auto-discovered sftp
share eg. in thunar's network:// overview, ssh gets invoked by gvfsd as

> execve("/usr/bin/ssh", ["/usr/bin/ssh", "-oForwardX11 no",
> "-oForwardAgent no", "-oPermitLocalCommand no", "-oClearAllForwardings
> yes", "-oProtocol 2", "-oNoHostAuthenticationForLocalhost yes", "-p",
> "2222", "-s", "android.local", "sftp"], [/* 45 vars */]) = 0

the hostname is put there unresolved, which is in general a good thing
(think known_hosts), but strips off the information that the client only
announced itself for ipv4. consequently, ssh tries to initiate the
connection using ipv6, which fails, and the mounting operation times

i've verified that the client announces itself using avahi-discover; it
*does* show up both in "wlan ipv6" and "wlan ipv4" (which i attribute to
ipv4 addresses being well reachable from an ipv6 socket), but on
inspection it shows "Address: Android.local/" in both
occurrences, while the other (debian) hosts on the network that announce
themselves show their respective ipv4 and ipv6 addresses.

note that the default setting of mdns4 instead of mdns is controversial
in itself[2]; the discussion there might or might not be helpful to this
issue. also note that fixing this issue is not sufficient to make gvfs
ssh work with primitive ftpd, but i'm still looking into that, trying to
figure out more details than plain "doesn't work".

[1] https://f-droid.org/repository/browse/?fdid=org.primftpd
[2] https://bugs.debian.org/466014

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-rc5 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages gvfs-backends depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.24.0-2
ii  gvfs                                         1.26.2-1
ii  gvfs-common                                  1.26.2-1
ii  gvfs-daemons                                 1.26.2-1
ii  gvfs-libs                                    1.26.2-1
ii  libarchive13                                 3.1.2-11+b1
ii  libatk1.0-0                                  2.18.0-1
ii  libavahi-client3                             0.6.32~rc+dfsg-1
ii  libavahi-common3                             0.6.32~rc+dfsg-1
ii  libavahi-glib1                               0.6.32~rc+dfsg-1
ii  libc6                                        2.21-4
ii  libcairo-gobject2                            1.14.4-1
ii  libcairo2                                    1.14.4-1
ii  libcdio-cdda1                                0.83-4.2+b1
ii  libcdio-paranoia1                            0.83-4.2+b1
ii  libcdio13                                    0.83-4.2+b1
ii  libexif12                                    0.6.21-2
ii  libgcrypt20                                  1.6.4-3
ii  libgdata22                                   0.17.3-1
ii  libgdk-pixbuf2.0-0                           2.32.2-1
ii  libglib2.0-0                                 2.46.2-1
ii  libgoa-1.0-0b                      
ii  libgphoto2-6                                 2.5.9-3
ii  libgphoto2-port12                            2.5.9-3
ii  libgtk-3-0                                   3.18.6-1
ii  libgudev-1.0-0                               230-2
ii  libimobiledevice4                            1.1.6+dfsg-3.1+b1
ii  libjson-glib-1.0-0                           1.0.4-2
ii  libmtp9                                      1.1.10-2
ii  libpango-1.0-0                               1.38.1-1
ii  libpangocairo-1.0-0                          1.38.1-1
ii  libplist3                                    1.12-3.1
ii  libsecret-1-0                                0.18.3-1
ii  libsmbclient                                 2:4.1.21+dfsg-2+b2
ii  libsoup2.4-1                                 2.52.2-1
ii  libxml2                                      2.9.3+dfsg1-1
ii  psmisc                                       22.21-2.1+b1

Versions of packages gvfs-backends recommends:
ii  gnome-keyring  3.18.2-1

Versions of packages gvfs-backends suggests:
ii  bluez-obexd   5.36-1
ii  samba-common  2:4.1.21+dfsg-2

-- no debconf information

To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20151216/d9d120a9/attachment.sig>

More information about the pkg-gnome-maintainers mailing list