Date: Tue, 4 May 2010 12:04:56 -0700 From: Galen Sampson <galen.sampson@gmail.com> To: x11@FreeBSD.org Subject: ssh -X (xauth) and the missing SECURITY extension Message-ID: <u2v2dd483ff1005041204xe5b5a7coe720463033213c0@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
All, I have been trying to use "ssh -X" to enable remote applications to use my local X server.=A0 This never works. I would use "ssh -Y" (or set the ForwardX11Trusted options to "yes") but the ssh man page related to -Y kinda scares me away. A "ssh -X -vvv" shows this xauth command being run: /usr/local/bin/xauth -f /tmp/ssh-tmlUOx2553/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 ssh shows this: Warning: untrusted X11 forwarding setup failed: xauth key data not generate= d Warning: No xauth data; using fake authentication data for X11 forwarding. Graphical applications fail to start on the remote system due to this. When xauth is run by hand, the following is displayed: /usr/local/bin/xauth -f /tmp/xauthtest generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 /usr/bin/xauth: (argv):1: couldn't query Security extension on display ":0= .0" Steps to Reproduce: 1. ssh -X <machine> 2. xterm Actual Results: The graphical app (xterm in this case) fails to start. Expected Results: The app should be run and displayed on the local machine. I have noticed that in xorg-server-1.7.5,1 the X security extension is disabled.=A0 If I use the patch below xauth generate (and hence ssh -X) work as expected. [504] testbsd:xorg-server$=A0 /usr/local/bin/xauth -f /tmp/xauthtest generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 /usr/local/bin/xauth:=A0 creating new authority file /tmp/xauthtest <-----snip------- --- Makefile.orig 2010-05-04 11:55:41.000000000 -0700 +++ Makefile 2010-05-03 23:10:00.000000000 -0700 @@ -38,7 +38,7 @@ USE_PERL5_BUILD=3Dyes CONFIGURE_ARGS=3D --disable-dmx --disable-xvfb --disable-xnest \ --localstatedir=3D/var --without-dtrace --disable-xephyr \ - --enable-record=3Dyes + --enable-record=3Dyes --enable-xcsecurity MAN1=3D Xorg.1 \ Xserver.1 \ <-----snip------- Maybe there is a good reason that the SECURITY extension is disabled. I just wanted to post this here and hopefully find a way to explain the solution to a larger community. For what its worth I notice that many linux distro's with very new Xorg servers still seem to have the SECURITY extension enabled. Regards, Galen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?u2v2dd483ff1005041204xe5b5a7coe720463033213c0>