Date: Thu, 12 Jul 2001 22:10:44 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Kevin Oberman" <oberman@es.net>, "Philip Murray" <me@philth.net.nz> Cc: <freebsd-questions@FreeBSD.ORG> Subject: RE: SSH & X11 Forwarding Message-ID: <000101c10b5a$2b3f1080$1401a8c0@tedm.placo.com> In-Reply-To: <200107102242.f6AMgNA25908@ptavv.es.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I use the X11 forwarding in a licensed copy of SecureCRT under FreeBSD without problems. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Kevin Oberman >Sent: Tuesday, July 10, 2001 3:42 PM >To: Philip Murray >Cc: freebsd-questions@FreeBSD.ORG >Subject: Re: SSH & X11 Forwarding > > >> From: "Philip Murray" <me@philth.net.nz> >> Date: Tue, 10 Jul 2001 15:40:35 +1200 >> Sender: owner-freebsd-questions@FreeBSD.ORG >> >> I'm having trouble getting X11 forwarding over SSH to work with >FreeBSD. I'm >> using SecureCRT client and have X11 Forwarding enabled. It works fine in >> Linux, but in FreeBSD I get the following error: >> >> SecureCRT : Incoming X11 connection authentication protocol name () is >> different than SecureCRT's (MIT-MAGIC-COOKIE-1) >> X connection to sparlak.philth.net.nz:10.0 broken (explicit kill or server >> shutdown). >> >> Both times I'm using SSH1 protocol and 3Des encryption, and OpenSSH 2.5 on >> the *nix side of things. >> >> What does it mean, and how can I fix it? > >X11 does user authentication based on cookies. The original cookie >encoding was called MIT-MAGIC-COOKIE-1. It is in vary common use, but >was cracked long ago and is not secure. > >An alternative mechanism, XDM-AUTHORIZATION-1, was developed using DES >for encryption. It's a far safer system, but was long un-exportable >(from the US and Canada) because it require DES. So all X11 distros >include MIT-MAGIC-COOKIE-1 out of the box, but still require the >manual inclusion of the DES code module to support >XDM-AUTHORIZATION-1. > >I suspect you system uses the stronger XDM-AUTHORIZATION-1 system >exclusively and rejects attempts to use the MIT-MAGIC-COOKIE-1 cookies >while SecureCRT only supports the MIT-MAGIC-COOKIE-1. > >I'd contact Van Dyke about it, assuming you have a licensed copy of >SecureCRT. > >R. Kevin Oberman, Network Engineer >Energy Sciences Network (ESnet) >Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) >E-mail: oberman@es.net Phone: +1 510 486-8634 > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000101c10b5a$2b3f1080$1401a8c0>