Date:      Wed, 12 Nov 2008 11:48:59 +0000
From:      Pollywog <lists-fbsd@shadypond.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: xauth failure when tunneling over ssh
Message-ID:  <200811121148.59495.lists-fbsd@shadypond.com>
In-Reply-To: <200811121858.18494.lists-fbsd@shadypond.com>
References:  <408675.46789.qm@web90502.mail.mud.yahoo.com> <200811121858.18494.lists-fbsd@shadypond.com>

On Wednesday 12 November 2008 18:58:18 Pollywog wrote:
> On Wednesday 12 November 2008 18:20:00 Elliot Isaacson wrote:
> > > On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote:
> > > > #UsePAM yes
> > > > #AllowTcpForwarding yes
> > > > #GatewayPorts no
> > > > #X11Forwarding yes
> > > > #X11DisplayOffset 10
> > > > #X11UseLocalhost yes
> > > > #PrintMotd yes
> > > > #PrintLastLog yes
> > > > #TCPKeepAlive yes
> > > > #UseLogin no
> > > > #UsePrivilegeSeparation yes
> > > > #PermitUserEnvironment no
> > > > #Compression delayed
> > > > #ClientAliveInterval 0
> > > > #ClientAliveCountMax 3
> > > > #UseDNS yes
> > > > #PidFile /var/run/sshd.pid
> > > > #MaxStartups 10
> > > > #PermitTunnel no
> > >
> > > Shouldn't PermitTunnel be set to yes?
> >
> > Thanks for the suggestion. PermitTunnel has something to do with
> > using a specific software network loopback device, tun(4). I don't
> > think it has anything to do with forwarding traffic, X11 or
> > otherwise, through an ssh tunnel. Just to be sure I tried switching
> > that on, but it didn't seem to help.
> >
> > This is a reiteration of the problem so no one has to sift through
> > the archives to find it:
> >
> > $ xhost +
> >
> > $ ssh -Y 192.ip.of.freebsdserver
> > Warning: No xauth data; using fake authentication data for X11
> > forwarding.
> >
> > /usr/local/bin/xauth:
>
> In case you have not done so, you should also check /etc/ssh/ssh_config on
> the client machines.  I had to add something like this on my client machine
> which is Linux:
>
> Host localhost
>   HostName 127.0.0.1
>   ForwardAgent yes
>   ForwardX11 yes
>   ForwardX11Trusted yes
>   PubkeyAuthentication yes
>   PasswordAuthentication yes
>   Protocol 2
>
> Host *
>    ForwardAgent no
>    ForwardX11 no
>    ForwardX11Trusted yes
>    XAuthLocation /usr/bin/xauth
>
>
> If you are using gdm on the server, you might try shutting that down for
> testing.  I seem to recall having to modify some setting in gdm that had to
> do with xauth.  I did not make a note of what I did though.
If you run gdm on the server:

I checked one of my boxes which runs Linux and I have this in 
/etc/gdm/gdm.conf

UserAuthFBDir=/tmp
UserAuthFile=.Xauthority

I don't believe this was set by default; I believe it was commented out on my
FreeBSD box, and it was causing problems until I uncommented the two lines.

You might try running 'ssh -vv <hostname>'  when connecting from the command 
line if you have not tried that.
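
The client configuration quoted above, resolved per host the way ssh_config(5) describes it; this is an added example, not part of the original message or of OpenSSH. The helper name `effective_option` is hypothetical, the input is the quoted file embedded as a constructed sample, and the parser assumes no Match, Include, negated patterns or "key=value" lines.

```shell
#!/bin/sh
# Constructed input: the client ssh_config quoted in the message above.
SAMPLE_CONFIG='Host localhost
  HostName 127.0.0.1
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  PubkeyAuthentication yes
  PasswordAuthentication yes
  Protocol 2

Host *
   ForwardAgent no
   ForwardX11 no
   ForwardX11Trusted yes
   XAuthLocation /usr/bin/xauth'

# effective_option HOST KEYWORD (hypothetical helper): print the value ssh
# would take from SAMPLE_CONFIG for KEYWORD when run as "ssh HOST".
# ssh_config(5): the first obtained value wins, and a Host block applies
# only when one of its patterns matches the name given on the command line.
effective_option() {
    host=$1
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    active=1    # lines before the first Host apply to every host
    while read -r key value; do
        case $key in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        if [ "$key" = host ]; then
            active=0
            set -f    # keep "*" from expanding to file names
            for pat in $value; do
                case $host in $pat) active=1 ;; esac
            done
            set +f
        elif [ "$active" -eq 1 ] && [ "$key" = "$want" ]; then
            printf '%s\n' "$value"
            return 0
        fi
    done <<EOF
$SAMPLE_CONFIG
EOF
    return 1
}

# Target as written in the thread; only "Host *" matches it.
for kw in ForwardX11 ForwardX11Trusted XAuthLocation; do
    printf '%-18s %s\n' "$kw" "$(effective_option 192.ip.of.freebsdserver "$kw")"
done
```

With this file alone, a connection to any host other than localhost resolves to ForwardX11 no, so forwarding comes from the `-Y` given on the command line, which takes precedence over the configuration files. On OpenSSH 6.8 or later, `ssh -G hostname` prints the values resolved from the real files.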




