Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Dev
Re: X forwarding (still) broken on Linux
domi at saargate
Apr 11, 2000, 3:41 AM
Post #1 of 3 (611 views)
Permalink
On Sun, 9 Apr 2000, barker@ling.ucsd.edu wrote:

> This may be a lack-of-adequate-documentation problem rather than a bug,
> but I can't get X forwarding to work:
>
> localhost$ set | grep DIS
> DISPLAY=localhost.localdomain:11.0
> localhost$ set | grep XA
> XAUTHORITY=/tmp/ssh-gzg13204/cookies
> localhost$ ssh -v localhost
> SSH Version OpenSSH-1.2.3, protocol version 1.5.
> Compiled with SSL.
> [snip]
> debug: Requesting X11 forwarding with authentication spoofing.
> debug: Requesting authentication agent forwarding.
> debug: Requesting shell.
> debug: Entering interactive session.
> Last login: Sat Apr 8 16:11:00 2000 from localhost
> localhost$ xeyes
> debug: Received X11 open request.
> debug: channel 0: new [X11 connection from localhost port 1502]
> debug: X11 connection uses different authentication protocol.
> X11 connection rejected because of wrong authentication.
> [snip]
> debug: channel 0: full closed
> X connection to localhost.localdomain:11.0 broken (explicit kill or
> server shutd
> own).
> localhost$
>
> I'm running a 2.2.13 kernel, XFree86 3.3.5-0, and pam 0.68-10.
> Examination of X11 packets suggests that my X clients aren't even
> trying to send a cookie, despite the fact that the XAUTHORITY
> variable is correctly set. Ssh 2.0.13 used to work just fine...

I am having the same problem on FreeBSD. I haven't got any clue,
unfortunately.

--
Dominik - http://www.brettnacher.org/users/dominik/
Re: X forwarding (still) broken on Linux [ In reply to ]
markus.friedl at informatik
Apr 11, 2000, 7:11 AM
Post #2 of 3 (600 views)
Permalink
On Tue, Apr 11, 2000 at 01:41:43PM +0200, Dominik Brettnacher wrote:
> I am having the same problem on FreeBSD. I haven't got any clue,
> unfortunately.

see attachment.

Attached Files:

Re: X forwarding (still) broken on Linux [ In reply to ]
barker at ling
Apr 11, 2000, 7:27 AM
Post #3 of 3 (600 views)
Permalink
On Tue, Apr 11, 2000 at 01:41:43PM +0200, Dominik Brettnacher wrote:
> I am having the same problem on FreeBSD. I haven't got any clue,
> unfortunately.

After disecting lots of packets, I have a workaround: the fake cookie
must be for the /unix connection type. To try the workaround, use the
following line as the relevant .ssh/rc file:

if read proto cookie; then echo add $DISPLAY $proto $cookie | perl -n -e 's!:!/unix:!;' -e 'print;' | /usr/X11R6/bin/xauth -q -; fi

This simply adds the string "/unix" at the appropriate point before
the fake X11 cookie file is loaded with the fake cookie. The cookie
file that results from this rc file contains information like:

localhost.localdomain/unix:12 MIT-MAGIC-COOKIE-1 41c7fd607a4333e093129faa992aba1c

I'm sure it would be easy to modify the code to add a second cookie
with /unix speicified.

Hope this helps.

CB

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal