Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 12 Nov 2008 18:58:18 +0000
From:      Pollywog <lists-fbsd@shadypond.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: xauth failure when tunneling over ssh
Message-ID:  <200811121858.18494.lists-fbsd@shadypond.com>
In-Reply-To: <408675.46789.qm@web90502.mail.mud.yahoo.com>
References:  <408675.46789.qm@web90502.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wednesday 12 November 2008 18:20:00 Elliot Isaacson wrote:
> > On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote:
> > > #UsePAM yes
> > > #AllowTcpForwarding yes
> > > #GatewayPorts no
> > > #X11Forwarding yes
> > > #X11DisplayOffset 10
> > > #X11UseLocalhost yes
> > > #PrintMotd yes
> > > #PrintLastLog yes
> > > #TCPKeepAlive yes
> > > #UseLogin no
> > > #UsePrivilegeSeparation yes
> > > #PermitUserEnvironment no
> > > #Compression delayed
> > > #ClientAliveInterval 0
> > > #ClientAliveCountMax 3
> > > #UseDNS yes
> > > #PidFile /var/run/sshd.pid
> > > #MaxStartups 10
> > > #PermitTunnel no
> >
> > Shouldn't PermitTunnel be set to yes  ?
>
> Thanks for the suggestion. PermitTunnel has something to do with
> using a specific software network loopback device, tun(4). I don't
> think it has anything to do with forwarding traffic, X11 or
> otherwise, through an ssh tunnel. Just to be sure I tried switching
> that on, but it didn't seem to help.
>
> This is a reiteration of the problem so no one has to sift though
> the archives to find it:
>
> $ xhost +
>
> $ ssh -Y 192.ip.of.freebsdserver
> Warning: No xauth data; using fake authentication data for X11
> forwarding.
>
> /usr/local/bin/xauth:
>
>

In case you have not done so, you should also check /etc/ssh/ssh_config on the 
client machines.  I had to add something like this on my client machine which 
is Linux:

Host localhost
  HostName 127.0.0.1
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  PubkeyAuthentication yes
  PasswordAuthentication yes
  Protocol 2

Host *
   ForwardAgent no
   ForwardX11 no
   ForwardX11Trusted yes
   XAuthLocation /usr/bin/xauth


If you are using gdm on the server, you might try shutting that down for 
testing.  I seem to recall having to modify some setting in gdm that had to do 
with xauth.  I did not make a note of what I did though.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200811121858.18494.lists-fbsd>