Date: Wed, 12 Nov 2008 07:51:42 -0800 (PST) From: Elliot Isaacson <elliot_isaacson@yahoo.com> To: freebsd-questions@freebsd.org Subject: Re: xauth failure when tunneling over ssh Message-ID: <447799.94810.qm@web90502.mail.mud.yahoo.com>
next in thread | raw e-mail | index | archive | help
> On Tuesday 11 November 2008 21:27:38 Elliot Isaacson wrote:
> > Hi,
> >
> > I've set up X11Forwarding on several linux servers before, but
> > I've just wasted a day trying (unsuccessfully) to figure out
> > why I can't get it working on freebsd (7.0-RELEASE GENERIC).
> >
> > I have not changed the defaults in the sshd_config file.
> >
> > One the client computer:
> >
> > $ xhost +
> >
> > $ ssh -Y 192.ip.of.server
> > Warning: No xauth data; using fake authentication data for X11
> > forwarding.
> >
> > /usr/local/bin/xauth: creating new authority
> > file /home/xxx/.Xauthority
> > /usr/local/bin/xauth: (stdin):1: bad display name "unix:10.0"
> > in "remove" command
> > /usr/local/bin/xauth: (stdin):2: bad display name "unix:10.0"
> > in "add" command
> >
> > [xxx@ ~] kcalc
> > X11 connection rejected because of wrong authentication.
> > kcalc: Fatal IO error: client killed
> >
> > [xxx@ ~] ls -a .Xauth*
> > <no results>
> >
> > Now, when I go to the server and login directly, and do a
> > startx, the x server starts fine, but there's still no
> > .Xauthority file in the home directory. I find that odd.
> >
> > This also looks strange to me:
> >
> > [xxx@ ~] ps -aux | grep X
> > root 1470 0.0 2.7 65456 13668 v0 S 4:01PM 0:01.24
> > X :0 -auth /home/xxx/.serverauth.1451 (Xorg)
> >
> > [xxx@ ~] ls -a /home/xxx/.serverauth*
> > <no results>
> >
> > How could it authenticate with a non-existent file?
> >
> > Any pointers in the right direction would be greatly
> > appreciated.
>
> I had the same problem when trying to SSH to the FreeBSD machines
> from Linux. If I remember correctly, I had to make a change to
> ssh_config on the Linux side to get things to work:
>
> Host *
> XAuthLocation /usr/bin/xauth
>
> It might also help if you would post sshd_config on the FreeBSD
> side.
>
Thanks for your suggestion. On my Linux system, the default path for
ssh to find xauth is already /usr/bin/xauth (according to the man
page). To be sure, I tried setting it explicitly but it still
didn't work. I know that I can tunnel to other X servers, just not
the FreeBSD one. My FreeBSD sshd_config is rather uninteresting
because everything is commented out and using the defaults. For
convenience's sake, here are some of the interesting lines:
#UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
I also tried doing it the old fashioned way and viewing the X
clients over telnet, which worked fine. It's too insecure to do
that from outside the local network, though.
Thanks,
Elliot Isaacson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?447799.94810.qm>