From owner-freebsd-questions Sun Jul 28 7:24: 1 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BFFF37B400 for ; Sun, 28 Jul 2002 07:23:58 -0700 (PDT) Received: from mailhost.iprg.nokia.com (mailhost.iprg.nokia.com [205.226.5.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id E553F43E5E for ; Sun, 28 Jul 2002 07:23:57 -0700 (PDT) (envelope-from hunt@iprg.nokia.com) Received: from darkstar.iprg.nokia.com (darkstar.iprg.nokia.com [205.226.5.69]) by mailhost.iprg.nokia.com (8.9.3/8.9.3-GLGS) with ESMTP id HAA28341 for ; Sun, 28 Jul 2002 07:23:57 -0700 (PDT) X-Delivered-For: Received: (from root@localhost) by darkstar.iprg.nokia.com (8.11.0/8.11.0-DARKSTAR) id g6SENuw22981; Sun, 28 Jul 2002 07:23:56 -0700 X-mProtect: <200207281423> Nokia Silicon Valley Messaging Protection Received: from UNKNOWN (205.226.1.181, claiming to be "iprg.nokia.com") by darkstar.iprg.nokia.com smtpdawMzCh; Sun, 28 Jul 2002 07:23:53 PDT Message-ID: <3D43FE7D.F476CEBC@iprg.nokia.com> Date: Sun, 28 Jul 2002 07:23:57 -0700 From: Peter Hunt Reply-To: hunt@IPRG.nokia.com Organization: Nokia IPRG X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-questions@FreeBSD.ORG Subject: Auth problem when tunnelling X11 over ssh Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I'm having trouble forwarding X11 over an ssh connection between a remote 4.3-RELEASE server and my local desktop (also 4.3-RELEASE). The server used to be a 3.4-RELEASE system, and my configuration worked without any problems. Since upgrading the server to 4.3-RELEASE, however, X authentication fails consistently over ssh. I have ForwardX11 set to "yes" in my config file, and after I slogin to the remote server, I see the extra X11 ports open in LISTEN state. eg.: Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 *.6011 *.* LISTEN tcp46 0 0 *.6011 *.* LISTEN My DISPLAY variable is set to the correct value (eg.server.domain.com:11.0). However, when I start an xterm, I get the following (verbose) messages: debug: client_input_channel_open: ctype x11 rchan 3 win 4096 max 2048 debug: fd 12 setting O_NONBLOCK debug: fd 12 IS O_NONBLOCK debug: channel 6: new [x11] debug: confirm x11 debug: X11 auth data does not match fake data. debug: X11 rejected 6 i1/o16 I have the following entries in the .Xauthority files on both machines. On my desktop: desktop.domain.com:0 MIT-MAGIC-COOKIE-1 desktop.domain.com/unix:0 MIT-MAGIC-COOKIE-1 On the remote server: server.domain.com:11 MIT-MAGIC-COOKIE-1 server.domain.com/unix:11 MIT-MAGIC-COOKIE-1 The value of in all the entries above is the same. I have similar entries for display 10, 12, 13 ... on the server, in case I get a different display; the ssh server is shared. I've tried connecting using IPv4 only, and forcing sshv2, but I got the same error message. Trying to use xhost (as a last resort) resulted in an authentication mismatch error. The ssh version on both ends is: SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0. Compiled with SSL (0x0090600f). My desktop X server is XFree86 4.002, if that makes a difference. Any information, suggestions or dope slaps welcome. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message