Date: Tue, 10 Jul 2001 15:42:22 -0700 From: "Kevin Oberman" <oberman@es.net> To: "Philip Murray" <me@philth.net.nz> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: SSH & X11 Forwarding Message-ID: <200107102242.f6AMgNA25908@ptavv.es.net> In-Reply-To: Your message of "Tue, 10 Jul 2001 15:40:35 %2B1200." <001d01c108f2$14889dd0$0300a8c0@sparlak>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: "Philip Murray" <me@philth.net.nz> > Date: Tue, 10 Jul 2001 15:40:35 +1200 > Sender: owner-freebsd-questions@FreeBSD.ORG > > I'm having trouble getting X11 forwarding over SSH to work with FreeBSD. I'm > using SecureCRT client and have X11 Forwarding enabled. It works fine in > Linux, but in FreeBSD I get the following error: > > SecureCRT : Incoming X11 connection authentication protocol name () is > different than SecureCRT's (MIT-MAGIC-COOKIE-1) > X connection to sparlak.philth.net.nz:10.0 broken (explicit kill or server > shutdown). > > Both times I'm using SSH1 protocol and 3Des encryption, and OpenSSH 2.5 on > the *nix side of things. > > What does it mean, and how can I fix it? X11 does user authentication based on cookies. The original cookie encoding was called MIT-MAGIC-COOKIE-1. It is in vary common use, but was cracked long ago and is not secure. An alternative mechanism, XDM-AUTHORIZATION-1, was developed using DES for encryption. It's a far safer system, but was long un-exportable (from the US and Canada) because it require DES. So all X11 distros include MIT-MAGIC-COOKIE-1 out of the box, but still require the manual inclusion of the DES code module to support XDM-AUTHORIZATION-1. I suspect you system uses the stronger XDM-AUTHORIZATION-1 system exclusively and rejects attempts to use the MIT-MAGIC-COOKIE-1 cookies while SecureCRT only supports the MIT-MAGIC-COOKIE-1. I'd contact Van Dyke about it, assuming you have a licensed copy of SecureCRT. R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107102242.f6AMgNA25908>