From owner-freebsd-questions@FreeBSD.ORG Wed Nov 12 18:59:59 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F2802106568B for ; Wed, 12 Nov 2008 18:59:59 +0000 (UTC) (envelope-from lists-fbsd@shadypond.com) Received: from mailout.easydns.com (mailout.easydns.com [205.210.42.66]) by mx1.freebsd.org (Postfix) with ESMTP id AC26D8FC19 for ; Wed, 12 Nov 2008 18:59:59 +0000 (UTC) (envelope-from lists-fbsd@shadypond.com) Received: from localhost (localhost [127.0.0.1]) by mailout.easydns.com (Postfix) with ESMTP id 871F448349 for ; Wed, 12 Nov 2008 13:58:10 -0500 (EST) Received: from mailout.easydns.com ([127.0.0.1]) by localhost (mx-outbound01.easydns.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O3t5w4cEpNGg for ; Wed, 12 Nov 2008 13:58:10 -0500 (EST) Received: from lilypad.shadypond.com (69-12-173-117.static.humboldt1.com [69.12.173.117]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout.easydns.com (Postfix) with ESMTP id 5915648344 for ; Wed, 12 Nov 2008 13:58:10 -0500 (EST) Received: from slider.localnet (slider.shadypond.com [192.168.1.11]) by lilypad.shadypond.com (Postfix) with ESMTPSA id AA0A713183 for ; Wed, 12 Nov 2008 18:57:51 +0000 (UTC) From: Pollywog To: freebsd-questions@freebsd.org Date: Wed, 12 Nov 2008 18:58:18 +0000 References: <408675.46789.qm@web90502.mail.mud.yahoo.com> In-Reply-To: <408675.46789.qm@web90502.mail.mud.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200811121858.18494.lists-fbsd@shadypond.com> Subject: Re: xauth failure when tunneling over ssh X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Nov 2008 19:00:00 -0000 On Wednesday 12 November 2008 18:20:00 Elliot Isaacson wrote: > > On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote: > > > #UsePAM yes > > > #AllowTcpForwarding yes > > > #GatewayPorts no > > > #X11Forwarding yes > > > #X11DisplayOffset 10 > > > #X11UseLocalhost yes > > > #PrintMotd yes > > > #PrintLastLog yes > > > #TCPKeepAlive yes > > > #UseLogin no > > > #UsePrivilegeSeparation yes > > > #PermitUserEnvironment no > > > #Compression delayed > > > #ClientAliveInterval 0 > > > #ClientAliveCountMax 3 > > > #UseDNS yes > > > #PidFile /var/run/sshd.pid > > > #MaxStartups 10 > > > #PermitTunnel no > > > > Shouldn't PermitTunnel be set to yes ? > > Thanks for the suggestion. PermitTunnel has something to do with > using a specific software network loopback device, tun(4). I don't > think it has anything to do with forwarding traffic, X11 or > otherwise, through an ssh tunnel. Just to be sure I tried switching > that on, but it didn't seem to help. > > This is a reiteration of the problem so no one has to sift though > the archives to find it: > > $ xhost + > > $ ssh -Y 192.ip.of.freebsdserver > Warning: No xauth data; using fake authentication data for X11 > forwarding. > > /usr/local/bin/xauth: > > In case you have not done so, you should also check /etc/ssh/ssh_config on the client machines. I had to add something like this on my client machine which is Linux: Host localhost HostName 127.0.0.1 ForwardAgent yes ForwardX11 yes ForwardX11Trusted yes PubkeyAuthentication yes PasswordAuthentication yes Protocol 2 Host * ForwardAgent no ForwardX11 no ForwardX11Trusted yes XAuthLocation /usr/bin/xauth If you are using gdm on the server, you might try shutting that down for testing. I seem to recall having to modify some setting in gdm that had to do with xauth. I did not make a note of what I did though.