Date: Wed, 12 Nov 2008 07:51:42 -0800 (PST) From: Elliot Isaacson <elliot_isaacson@yahoo.com> To: freebsd-questions@freebsd.org Subject: Re: xauth failure when tunneling over ssh Message-ID: <447799.94810.qm@web90502.mail.mud.yahoo.com>
index | next in thread | raw e-mail
> On Tuesday 11 November 2008 21:27:38 Elliot Isaacson wrote:
> > Hi,
> >
> > I've set up X11Forwarding on several linux servers before, but
> > I've just wasted a day trying (unsuccessfully) to figure out
> > why I can't get it working on freebsd (7.0-RELEASE GENERIC).
> >
> > I have not changed the defaults in the sshd_config file.
> >
> > One the client computer:
> >
> > $ xhost +
> >
> > $ ssh -Y 192.ip.of.server
> > Warning: No xauth data; using fake authentication data for X11
> > forwarding.
> >
> > /usr/local/bin/xauth: creating new authority
> > file /home/xxx/.Xauthority
> > /usr/local/bin/xauth: (stdin):1: bad display name "unix:10.0"
> > in "remove" command
> > /usr/local/bin/xauth: (stdin):2: bad display name "unix:10.0"
> > in "add" command
> >
> > [xxx@ ~] kcalc
> > X11 connection rejected because of wrong authentication.
> > kcalc: Fatal IO error: client killed
> >
> > [xxx@ ~] ls -a .Xauth*
> > <no results>
> >
> > Now, when I go to the server and login directly, and do a
> > startx, the x server starts fine, but there's still no
> > .Xauthority file in the home directory. I find that odd.
> >
> > This also looks strange to me:
> >
> > [xxx@ ~] ps -aux | grep X
> > root 1470 0.0 2.7 65456 13668 v0 S 4:01PM 0:01.24
> > X :0 -auth /home/xxx/.serverauth.1451 (Xorg)
> >
> > [xxx@ ~] ls -a /home/xxx/.serverauth*
> > <no results>
> >
> > How could it authenticate with a non-existent file?
> >
> > Any pointers in the right direction would be greatly
> > appreciated.
>
> I had the same problem when trying to SSH to the FreeBSD machines
> from Linux. If I remember correctly, I had to make a change to
> ssh_config on the Linux side to get things to work:
>
> Host *
> XAuthLocation /usr/bin/xauth
>
> It might also help if you would post sshd_config on the FreeBSD
> side.
>
Thanks for your suggestion. On my Linux system, the default path for
ssh to find xauth is already /usr/bin/xauth (according to the man
page). To be sure, I tried setting it explicitly but it still
didn't work. I know that I can tunnel to other X servers, just not
the FreeBSD one. My FreeBSD sshd_config is rather uninteresting
because everything is commented out and using the defaults. For
convenience's sake, here are some of the interesting lines:
#UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
I also tried doing it the old fashioned way and viewing the X
clients over telnet, which worked fine. It's too insecure to do
that from outside the local network, though.
Thanks,
Elliot Isaacson
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?447799.94810.qm>