From owner-freebsd-x11@freebsd.org Fri May 5 03:45:17 2017 Return-Path: Delivered-To: freebsd-x11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6A8D2D5D3EE for ; Fri, 5 May 2017 03:45:17 +0000 (UTC) (envelope-from mccrobie2000@gmail.com) Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 257121D05 for ; Fri, 5 May 2017 03:45:17 +0000 (UTC) (envelope-from mccrobie2000@gmail.com) Received: by mail-qk0-x22a.google.com with SMTP id n4so26637755qkc.0 for ; Thu, 04 May 2017 20:45:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=s0IicLo/DmPpcTUagWOgZitxOHxvCTfwAtLIR78BV/o=; b=PqkOUWEY+EEvEyrTiXEfYbc+LxITcF9HKe79VIWnHJ+dGyaPfy70Vu/izq8fQZL/bN fZn9/avPgiBpMSwKIz3imv1QkWAiUQTKB6igsVvWQ9JUEtAdhShaFWHGZZJlm5c2QXFb XLmmfJx0JSUu9HigVbOmswwj+eyJVUlTO/pbq6Xsq9kCt42XpmCPKLgciJXbqsVjWnoR xxMItCePRvL9U+QRannCTMkgTbIIRNOWW8UVe+dC/epjBAbwge4Et/SXVrZblZF3Vf19 Ko5cFMEWbfNr6jNGs1yg9EzizeSyVK3ymxQBQ0lgXxmU23FyHvM8uBM9gcRyhW+5hiZr nz7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=s0IicLo/DmPpcTUagWOgZitxOHxvCTfwAtLIR78BV/o=; b=uXN7uP1nvLwbyq2DqAqML3XUpOD1gcElnz4hfoTD1OY0aNbV/aC7li65+7cAPwKI9c 84Ur+0JhGSo2ZhmI2DbV1/dkbYwCudvioB6vVAjcktgqNR7KUza52D/AfcOlKdTmE1p9 s3qlt1r9yMCRczMZ/6gEQql0XE5lP0lY8zUA8vRs6fJ7rb89xkrSsdY8f4Kmb1ZJYj9H bh/p1bhEbWq3uXEX0on7KKrxLkHvq0h73/EcsH7nC++IZErbz4jJUHMIjwwg/2Tm6WMp 7Z2ejHiUJjy6RlPOoOqWX/miKOWjKRN4e3InH6fbOSWl9BKUQ/kkYcAM4DR4QQjZb0iU TtgQ== X-Gm-Message-State: AN3rC/4qd/iHTew+JGzYDx6tk224fMGm3ugQj9TD3bj9ILG9gY3dNKXd JEbujI8aN8ZPjhvr X-Received: by 10.55.103.82 with SMTP id b79mr10374466qkc.46.1493955915949; Thu, 04 May 2017 20:45:15 -0700 (PDT) Received: from gti-no6.my.domain (pool-72-83-19-103.washdc.fios.verizon.net. [72.83.19.103]) by smtp.googlemail.com with ESMTPSA id b23sm3097163qkb.31.2017.05.04.20.45.15 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 04 May 2017 20:45:15 -0700 (PDT) To: freebsd-x11@freebsd.org From: Chuck McCrobie Subject: X11 Forwarding Not Working Message-ID: Date: Thu, 4 May 2017 23:45:14 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 May 2017 03:45:17 -0000 Not sure if this is the correct mailing list. I've attempted to include all relevant information. Synopsis ------------ Attempting to ssh -X fedora23 freebsd11-stable. I get usr/local/bin/xauth: (stdin):1: bad display name "unix:10.0" in "remove" command /usr/local/bin/xauth: (stdin):2: bad display name "unix:10.0" in "add" command ----- FreeBSD ----- $ echo $DISPLAY localhost:10.0 $ konsole X11 connection rejected because of wrong authentication. Segmentation fault (core dumped) ----------- /etc/rc.conf ---------- ifconfig_em0="DHCP" vboxguest_enable="YES" vboxservice_enable="YES" dbus_enable="YES" hald_enable="YES" kdm4_enable="YES" sshd_enable="NO" openssh_enable="YES" ----------- /usr/local/etc/ssh/sshd_config ---------- default as installed by pkg add openssh-portable # $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH= # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /usr/local/etc/ssh/ssh_host_rsa_key #HostKey /usr/local/etc/ssh/ssh_host_dsa_key #HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key #HostKey /usr/local/etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /usr/local/etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # Change to yes to enable built-in password authentication. #PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'no' to disable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum FreeBSD-openssh-portable-7.5.p1,1 # no default banner path #Banner none # override default of no subsystems Subsystem sftp /usr/local/libexec/sftp-server # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes # disable hpn performance boosts #HPNDisabled no # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 # allow the use of the none cipher #NoneEnabled no # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server ---------- pkg info openssh-portable --------- pkg info openssh-portable openssh-portable-7.5.p1,1 Name : openssh-portable Version : 7.5.p1,1 Installed on : Fri May 5 01:30:06 2017 UTC Origin : security/openssh-portable Architecture : FreeBSD:11:amd64 ---------- .XAuthority ---------- EMPTY ------ uname -a on Linux ------ Linux gti-no6.my.domain 4.8.12-100.fc23.x86_64 #1 SMP Fri Dec 2 17:52:27 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux ------ uname -r on FreeBSD ----- 11.0-STABLE ------ ssh -v -X me@192.168.2.179 ------ (192.168.2.179 is the FreeBSD 11-STABLE machine) ssh -v -X me@192.168.2.179 OpenSSH_7.2p2, OpenSSL 1.0.2j-fips 26 Sep 2016 debug1: Reading configuration data /home/xxx/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug1: Connecting to 192.168.2.179 [192.168.2.179] port 22. debug1: Connection established. debug1: identity file /home/xxx/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxx/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxx/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxx/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxx/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxx/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxx/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxx/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5-hpn14v5 FreeBSD-openssh-portable-7.5.p1,1 debug1: match: OpenSSH_7.5-hpn14v5 FreeBSD-openssh-portable-7.5.p1,1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 192.168.2.179:22 as 'me' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64 debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:nGH5+5gHLLkPxS1JF/ccT9dI9KiplE72Y6YJMwMZD8Y debug1: Host '192.168.2.179' is known and matches the ECDSA host key. debug1: Found key in /home/xxx/.ssh/known_hosts:71 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/xxx/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /home/xxx/.ssh/id_dsa debug1: Trying private key: /home/xxx/.ssh/id_ecdsa debug1: Trying private key: /home/xxx/.ssh/id_ed25519 debug1: Next authentication method: keyboard-interactive Password for me@: debug1: Authentication succeeded (keyboard-interactive). Authenticated to 192.168.2.179 ([192.168.2.179]:22). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: pledge: exec debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Requesting X11 forwarding with authentication spoofing. debug1: Sending environment. debug1: Sending env XMODIFIERS = @im=none debug1: Sending env LANG = en_US.UTF-8 debug1: Sending env LANGUAGE = Last login: Fri May 5 03:15:53 2017 from 192.168.2.237 FreeBSD 11.0-STABLE (GENERIC) #0 r317153: Thu Apr 20 05:43:02 UTC 2017 Welcome to FreeBSD! Release Notes, Errata: https://www.FreeBSD.org/releases/ Security Advisories: https://www.FreeBSD.org/security/ FreeBSD Handbook: https://www.FreeBSD.org/handbook/ FreeBSD FAQ: https://www.FreeBSD.org/faq/ Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/ FreeBSD Forums: https://forums.FreeBSD.org/ Documents installed with the system are in the /usr/local/share/doc/freebsd/ directory, or can be installed later with: pkg install en-freebsd-doc For other languages, replace "en" with a language code like de or fr. Show the version of FreeBSD installed: freebsd-version ; uname -a Please include that output and any error messages when posting questions. Introduction to manual pages: man man FreeBSD directory layout: man hier Edit /etc/motd to change this login announcement. /usr/local/bin/xauth: file /home/me/.Xauthority does not exist /usr/local/bin/xauth: (stdin):1: bad display name "unix:10.0" in "remove" command /usr/local/bin/xauth: (stdin):2: bad display name "unix:10.0" in "add" command You can automatically download and install binary packages by doing pkg install This will also automatically install the packages that are dependencies for the package you install (ie, the packages it needs in order to work.) ---------- pkg info xauth ---------- pkg info xauth xauth-1.0.10 Name : xauth Version : 1.0.10 Installed on : Fri May 5 02:20:59 2017 UTC Origin : x11/xauth Architecture : FreeBSD:11:amd64 --------- Linux (source system) /etc/ssh/ssh_config ---------- Host * GSSAPIAuthentication yes # If this option is set to yes then remote X11 clients will have full access # to the original X11 display. As virtually no X11 client supports the untrusted # mode correctly we set this to yes. ForwardX11 yes ForwardX11Trusted yes # Send locale-related environment variables SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE SendEnv XMODIFIERS ---------- on FreeBSD ---------- host gti-no6.my.domain gti-no6.my.domain has address 192.168.2.237 ---------- on FreeBSD --------- more /etc/resolv.conf # Generated by resolvconf search my.domain nameserver 192.168.2.1