Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
x11 forwarding via ssh fails
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Adel Ahmed
Veteran
Veteran


Joined: 21 Sep 2012
Posts: 1158

PostPosted: Wed May 01, 2013 2:31 pm    Post subject: x11 forwarding via ssh fails Reply with quote

when I try sshing to my pc: $ssh -x 192.168.1.6
I get:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
X11 forwarding request failed on channel 0

I honestly cannot provide any info on when this started happening, if any log files are needed please tell me

thanks
Back to top
View user's profile Send private message
chiefbag
Guru
Guru


Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom

PostPosted: Wed May 01, 2013 2:36 pm    Post subject: Reply with quote

Use:

Code:
ssh -Y 92.168.1.6


don't forger to xhost + on your local machine first.
then do the above and export the display, log out and log in again.
Back to top
View user's profile Send private message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3374

PostPosted: Wed May 01, 2013 5:14 pm    Post subject: Reply with quote

Don't do "xhost +", at least not if your system is on a network. In fact "xhost" is just plain a horrible security hole. "xauth" is much better, and there are those-who-wear-tin-hats that will insist that MIT-MAGIC-COOKIE-1 is weak.

chiefbag alluded to, but didn't quite state succintly: (from "man ssh")
Code:
     -X      Enables X11 forwarding.  This can also be specified on a per-host
             basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             user’s X authorization database) can access the local X11 display
             through the forwarded connection.  An attacker may then be able
             to perform activities such as keystroke monitoring.

             For this reason, X11 forwarding is subjected to X11 SECURITY
             extension restrictions by default.  Please refer to the ssh -Y
             option and the ForwardX11Trusted directive in ssh_config(5) for
             more information.

     -x      Disables X11 forwarding.

     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not
             subjected to the X11 SECURITY extension controls.

Your line had a lowercase "-x", which is backwards from what you wanted.
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
Adel Ahmed
Veteran
Veteran


Joined: 21 Sep 2012
Posts: 1158

PostPosted: Wed May 01, 2013 5:59 pm    Post subject: Reply with quote

well I don't want to use Y
i want to fix ssh -X like it used to be
and -x was a misspell I meant -X
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13498

PostPosted: Wed May 01, 2013 9:16 pm    Post subject: Reply with quote

chiefbag wrote:
Use:

Code:
ssh -Y 92.168.1.6


don't forger to xhost + on your local machine first.
then do the above and export the display, log out and log in again.
In addition to being wrong about advising xhost +, this is also wrong to suggest manipulation of $DISPLAY. When ssh X11 forwarding is done properly, $DISPLAY will be set automatically.

OP: why do you want to use untrusted X11 forwarding? That is typically only used in cases where you do not trust the administrator of the remote machine. It imposes some performance problems by disallowing use of X11 features that modern programs assume will be present.
Back to top
View user's profile Send private message
Adel Ahmed
Veteran
Veteran


Joined: 21 Sep 2012
Posts: 1158

PostPosted: Thu May 02, 2013 5:22 pm    Post subject: Reply with quote

here's what I get when I ssh -Y:
X11 forwarding request failed on channel 0

even if I log in via -Y i still prefer not having something not working on linux, I use this laptop at work as well and you can never tell when you need an option
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5592

PostPosted: Thu May 02, 2013 6:20 pm    Post subject: Reply with quote

Does the server have X11Forwarding enabled in the config file?
Back to top
View user's profile Send private message
Adel Ahmed
Veteran
Veteran


Joined: 21 Sep 2012
Posts: 1158

PostPosted: Mon May 06, 2013 8:44 am    Post subject: Reply with quote

how can I tell?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum