From owner-freebsd-questions@freebsd.org  Thu May 10 15:46:04 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 060A0FCE315
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Thu, 10 May 2018 15:46:04 +0000 (UTC)
 (envelope-from bferrell@baywinds.org)
Received: from baywinds.org (50-196-187-248-static.hfc.comcastbusiness.net
 [50.196.187.248])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "baywinds.org", Issuer "rr-v" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 98283778F8
 for <freebsd-questions@freebsd.org>; Thu, 10 May 2018 15:46:03 +0000 (UTC)
 (envelope-from bferrell@baywinds.org)
Received: from bruces-MacBook-Pro.local (mac [192.0.2.93])
 by baywinds.org (8.14.4/8.14.4) with ESMTP id w4AFk0h5017983
 for <freebsd-questions@freebsd.org>; Thu, 10 May 2018 08:46:00 -0700
Subject: Re: ssh -X remote does not work due to problem with xauth
To: freebsd-questions@freebsd.org
References: <mailman.103.1525953601.52518.freebsd-questions@freebsd.org>
 <587e3b37-c5c7-4af2-80e2-f7c040a4d221@unixarea.de>
 <7edbad31-8ac8-9c27-2536-9a9a37a579b6@kicp.uchicago.edu>
 <20180510150154.GA2699@c720-r314251>
From: Bruce Ferrell <bferrell@baywinds.org>
Message-ID: <0b7b1b99-36cb-d22c-b2a2-84120f6f1359@baywinds.org>
Date: Thu, 10 May 2018 08:46:00 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0)
 Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <20180510150154.GA2699@c720-r314251>
Content-Language: en-US
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.25
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 15:46:04 -0000



On 5/10/18 8:01 AM, Matthias Apitz wrote:
> El día jueves, mayo 10, 2018 a las 09:38:16a. m. -0500, Valeri Galtsev escribió:
>
>>
>> On 05/10/18 09:00, Matthias Apitz wrote:
>>> On Thursday, 10 May 2018 14:34:27 CEST, James B. Byrne
>>> <byrnejb@harte-lyne.ca> wrote:
>>>> On Wed, May 9, 2018 14:09, Matthias Apitz wrote:
>>>>
>>>> What is the ownership of and permissions on .Xauthority on the remote
>>>> host?
>>>>
>>> It's owned by me, created as new if not there, but with size=0.
>> Did you check that you are not up against hard quota, and the filesystem
>> is not full? I already suggested that, but my message seems to miss your
>> attention. One thing you can try on remote host is:
> The remote host is one of our central development hosts, has not quota,
> no file sys full and plenty much GB of disk space:
>
> $ scp  /boot/kernel/kernel apitzm@s70devl:.
> $ ssh apitzm@s70devl ls -lh kernel
> -r-xr-xr-x 1 apitzm apitzm 26M 10. Mai 16:49 kernel
> $ ssh apitzm@s70devl LANG=C df -kh .
> Filesystem                   Size  Used Avail Use% Mounted on
> /dev/mapper/vg_root-lv_root  337G   68G  268G  21% /
>
>> Another possibility on multi-user system when this works for others but
>> not for you is if you as UNIX user is prohibited [X]-forwarding by
>> sysadmin (-"fascist"). I as sysadmin only twice during last decade had
>> to restrict one single user from doing something, but it still is the
>> possibility.
> I don't think, that our IT department does such things against the Tech Head
> I am :-)
>
> I do thank for all replies, but have to say, that all ignored the provided
> truss output (at least in all replies). Here it is again and shows that
> there is a LOCAL problem; the LOCAL /usr/local/bin/xauth tries to
> create the LOCAL file /tmp/ssh-adSkh4btDHWr/xauthfile (perhaps to move it over
> the SSH channel to the remote end) and it fails doing this:
>
> $ grep xauth ssh.tr
>   2505: stat("/usr/local/bin/xauth",{ mode=-rwxr-xr-x ,inode=15268663,size=41056,blksize=32768 }) = 0 (0x0)
>   2505: write(2,"debug2: client_x11_get_proto: /usr/local/bin/xauth -f /tmp/ssh-adSkh4btDHWr/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted timeout 1260 2>/dev/null\r\n",153) = 153 (0x99)
>   2506: execve("/usr/local/bin/xauth",0x80145a260,0x80145a408) = 0 (0x0)
>   2506: stat("/tmp/ssh-adSkh4btDHWr/xauthfile-c",0x7fffffffdb80) ERR#2 'No such file or directory'
>   2506: openat(AT_FDCWD,"/tmp/ssh-adSkh4btDHWr/xauthfile-c",O_WRONLY|O_CREAT|O_EXCL,0600) = 3 (0x3)
>   2506: pathconf("/tmp/ssh-adSkh4btDHWr/xauthfile-c",_PC_LINK_MAX) = 32767 (0x7fff)
>   2506: link("/tmp/ssh-adSkh4btDHWr/xauthfile-c","/tmp/ssh-adSkh4btDHWr/xauthfile-l") = 0 (0x0)
>   2506: access("/tmp/ssh-adSkh4btDHWr/xauthfile",F_OK) ERR#2 'No such file or directory'
>   2506: open("/tmp/ssh-adSkh4btDHWr/xauthfile",O_RDONLY,0666) ERR#2 'No such file or directory'
>   2506: access("/tmp/ssh-adSkh4btDHWr/xauthfile",F_OK) ERR#2 'No such file or directory'
>   2506: write(2,"/usr/local/bin/xauth:  file /tmp/ssh-adSkh4btDHWr/xauthfile does not exist\n",75) = 75 (0x4b)
>   2506: access("/tmp/kde-guru/xauth-1001-_0",R_OK) = 0 (0x0)
>   2506: open("/tmp/kde-guru/xauth-1001-_0",O_RDONLY,0666) = 4 (0x4)
>   2506: write(2,"/usr/local/bin/xauth: (argv):1:  ",33) = 33 (0x21)
>   2506: lstat("/tmp/ssh-adSkh4btDHWr/xauthfile-c",{ mode=-rw------- ,inode=24961,size=0,blksize=32768 }) = 0 (0x0)
>   2506: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile-c") = 0 (0x0)
>   2506: lstat("/tmp/ssh-adSkh4btDHWr/xauthfile-l",{ mode=-rw------- ,inode=24961,size=0,blksize=32768 }) = 0 (0x0)
>   2506: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile-l") = 0 (0x0)
>   2505: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile") ERR#2 'No such file or directory'
>   2505: write(2,"Warning: untrusted X11 forwarding setup failed: xauth key data not generated\r\n",78) = 78 (0x4e)
>
> $ grep Sec ssh.tr
>   2505: read(3,"\0\0\^A\^D\v\^_\0\0\0h\0\0\0\^Secdsa-sha2-nistp256\0\0\0\bnistp256\0\0\0A\^D\^Qa<x\^U\M-jW\M-Hy/\M-:\M-b\^Qc\M-\^\^SG\M^ZT|\M-ck7\M-H\M-s\M-gKNi\n\M^Ex\M-;D.\M-w\M-'\^O\^T\^Uls\M^Y\M-D\M-5{\M-6\M-3d\M-U\M-P\M-Ck\M-*7\a\^U\^W\M-^\M^Il\M-n\M-,\0\0\0 M\M-G"...,8192) = 364 (0x16c)
>   2506: write(2,"couldn't query Security extension on display ":0"\n",50) = 50 (0x32)
>
> One can simulate the xauth call locally and without redirecting STDERR and
> will see the same error:
>
> $ /usr/local/bin/xauth -f /tmp/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted timeout 1260
> /usr/local/bin/xauth:  file /tmp/xauthfile does not exist
> /usr/local/bin/xauth: (argv):1:  couldn't query Security extension on display ":0"
>
> This, and the fact that my colleagues do not face the problem, let me
> strongly think in a LOCAL problem, maybe of the Xorg server which is xorg-7.7_2
> from the ports.
>
> Thanks again for reading my post.
>
> 	matthias
Matthias,

I think this output is key:

couldn't query Security extension on display ":0"

xauth (at the sshd end) is attempting to interrogate the X server on the 
ssh end and not getting an expected response, and as a result failing to 
generate the necessary entries in the file xauth file.

searching the error on google found this:

https://groups.google.com/forum/#!topic/de.comp.os.unix.x11/44yHbl-RP_8

It has a nice step-by-step of what and how xauth is doing it's magic

Its the X server at the ssh end (your end).  I suspect you'll find your 
colleagues are using a somewhat different X server and that explains the 
difference in your operation vs yours... And that corresponds to your 
comment about the Xorg server.