From: Pollywog
To: freebsd-questions@freebsd.org
Date: Wed, 12 Nov 2008 11:48:59 +0000
Subject: Re: xauth failure when tunneling over ssh

On Wednesday 12 November 2008 18:58:18 Pollywog wrote:
> On Wednesday 12 November 2008 18:20:00 Elliot Isaacson wrote:
> > > On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote:
> > > > #UsePAM yes
> > > > #AllowTcpForwarding yes
> > > > #GatewayPorts no
> > > > #X11Forwarding yes
> > > > #X11DisplayOffset 10
> > > > #X11UseLocalhost yes
> > > > #PrintMotd yes
> > > > #PrintLastLog yes
> > > > #TCPKeepAlive yes
> > > > #UseLogin no
> > > > #UsePrivilegeSeparation yes
> > > > #PermitUserEnvironment no
> > > > #Compression delayed
> > > > #ClientAliveInterval 0
> > > > #ClientAliveCountMax 3
> > > > #UseDNS yes
> > > > #PidFile /var/run/sshd.pid
> > > > #MaxStartups 10
> > > > #PermitTunnel no
> > >
> > > Shouldn't PermitTunnel be set to yes ?
> >
> > Thanks for the suggestion. PermitTunnel has something to do with
> > using a specific software network loopback device, tun(4). I don't
> > think it has anything to do with forwarding traffic, X11 or
> > otherwise, through an ssh tunnel. Just to be sure I tried switching
> > that on, but it didn't seem to help.
> >
> > This is a reiteration of the problem so no one has to sift through
> > the archives to find it:
> >
> > $ xhost +
> >
> > $ ssh -Y 192.ip.of.freebsdserver
> > Warning: No xauth data; using fake authentication data for X11
> > forwarding.
> >
> > /usr/local/bin/xauth:
>
> In case you have not done so, you should also check /etc/ssh/ssh_config on
> the client machines. I had to add something like this on my client machine
> which is Linux:
>
> Host localhost
> HostName 127.0.0.1
> ForwardAgent yes
> ForwardX11 yes
> ForwardX11Trusted yes
> PubkeyAuthentication yes
> PasswordAuthentication yes
> Protocol 2
>
> Host *
> ForwardAgent no
> ForwardX11 no
> ForwardX11Trusted yes
> XAuthLocation /usr/bin/xauth
>
>
> If you are using gdm on the server, you might try shutting that down for
> testing. I seem to recall having to modify some setting in gdm that had to
> do with xauth. I did not make a note of what I did though.

If you run gdm on the server:

I checked one of my boxes which runs Linux and I have this in
/etc/gdm/gdm.conf

UserAuthFBDir=/tmp
UserAuthFile=.Xauthority

I don't believe this was set by default, I believe it was commented out on
my FreeBSD box and it was causing problems until I uncommented the two lines.

You might try running 'ssh -vv ' when connecting from the command line if
you have not tried that.
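
Added example, not part of the original message: a small resolver showing which X11 options the client-side ssh_config quoted above yields for a given host, using the ssh_config(5) rule that the first value obtained for a keyword wins. The function names and the address 192.0.2.10 are assumptions made for illustration; only Host blocks are handled (no Match or Include), and the authentication lines of the quoted config are omitted from the sample.

```python
import fnmatch
import re

# Constructed sample: X11-related part of the ssh_config quoted in the message.
SAMPLE_CONFIG = """\
Host localhost
HostName 127.0.0.1
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes

Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
XAuthLocation /usr/bin/xauth
"""

def host_matches(patterns, host):
    """Host line semantics: a matching negated pattern (!p) vetoes the block."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_options(config_text, host):
    """Return {keyword: value} for host; the first value seen for a keyword wins."""
    options = {}
    active = True  # lines before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or an optional "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif active:
            options.setdefault(keyword, value)
    return options

def x11_summary(config_text, host):
    opts = effective_options(config_text, host)
    keys = ("forwardx11", "forwardx11trusted", "xauthlocation")
    return {k: opts.get(k, "(default)") for k in keys}
```

For any host other than localhost this config resolves to ForwardX11 no, so forwarding happens only because -Y is given on the command line, and that forwarding is the trusted kind.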