Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
ssh -X untrusted X11 forwarding setup failed, no auth data
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
rockdragon
n00b
n00b


Joined: 18 Jan 2009
Posts: 8

PostPosted: Sun Aug 29, 2010 10:52 pm    Post subject: ssh -X untrusted X11 forwarding setup failed, no auth data Reply with quote

Hi @all

ssh&xauth issues aren't quite new I know, but even after searching some threads I still didn't found what I'm looking for.

I want to use ssh -X (not ssh -Y, which works! Main reason: I don't want remote X apps to temper with my controls) to start X applications remotly on my gentoo box.

But every time i logged in, I got these
Code:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.

messages.

running ssh -vvv -X remotehost reveals
Code:

debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-iEnVnh4826/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.


the xauth call seems to fail, so I tried (not knowing if thats the right way to solve this..)
Code:

$/usr/bin/xauth -f /tmp/ssh-iEnVnh4826/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200
$/usr/bin/xauth:  error in locking authority file /tmp/ssh-iEnVnh4826/xauthfile


however:
Code:

$mkdir /tmp/ssh-iEnVnh4826/         
$/usr/bin/xauth -f /tmp/ssh-iEnVnh4826/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200
/usr/bin/xauth:  creating new authority file /tmp/ssh-iEnVnh4826/xauthfile
/usr/bin/xauth: (argv):1:  couldn't query Security extension on display ":0.0"


After typing this post, I finally found a bug report discussing just my Problem :)
https://bugs.gentoo.org/237778

So it seems the untrusted clients functionality is broken (unsafe hashs, whatever...) and the Xserver - "Security extensions" are disabled by default by the gentoo developers.

So its still ssh -Y after all.

good day
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum