RE: Warning: No xauth data
Thanks for the hints on this, I've managed to get it working without
the warning message. Here's what I did:
bash$ xauth
xauth> add :0 . hexnumber # I used FACEFEEDFACEFEED
xauth> add localhost:0 . hexnumber
xauth> exit
my .ssh/config has:
ForwardX11Trusted yes
XAuthLocation /usr/bin/xauth
Next, I have a little macro in .bashrc:
startapp() { (ssh -Xn $* &) ; }
declare -fx startapp
Then, to start a remote application (xterm in this case) I do:
bash$ startapp othernode xterm
I haven't done exhaustive testing, but seems to do the trick.
By the way, the new Cygwin/X bits are GREAT! Thank you for the great update!!!
Benn
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ: http://x.cygwin.com/docs/faq/
Re: Warning: No xauth data
Yaakov (Cygwin Ports) wrote: > Jon TURNEY wrote: >> Hmmm it seems that ssh needs to run xauth to do connection forwarding, >> but >> is still trying to use /usr/X11R6/bin/xauth, rather than /usr/bin/xauth (and >> prints a slightly misleading message in this case) > >> In which case, until that is corrected somehow, you might add the following >> line to your ~/.ssh/config and see if that improves matters > >> XAuthLocation=/usr/bin/Xauth > > That should be /usr/bin/xauth with a small x. Only the servers start > with a capital X. Curse my fat fingers! > Already tried that. It introduces yet another warning: > > Warning: untrusted X11 forwarding setup failed: xauth key data not generated Ok, you're back on the map now :-) http://x.cygwin.com/docs/faq/cygwin-x-faq.html#remote You must choose between: i) adding ""ForwardX11Trusted yes" to your .ssh/config and/or invoking ssh as ssh -Y (which is to say that you trust the machine you are ssh-ing to hasn't been hacked or doesn't have a malicious root user who wishes to monitor your keystrokes and display, or your information is so worthless that you don't care if it is) ii) Reading the warning every time that ssh is giving you that it can't make the X clients it is going to forward untrusted (i.e. they are trusted to do all the bad things mentioned above) This is not security advice. Choose wisely, padawan! :-) The previous X server had the XCSECURITY extension enabled, and ssh was able to setup untrusted X11 forwarding and not issue this warning. There seems to be some doubt about the actual security this was offering. "man ssh_config" claims that 'the xauth(1) token used for the session will be set to expire after 20 minutes. Remote clients will be refused access after this time.'. If that was actually working that would surely be incredibly annoying... To quote from this bug http://bugs.gentoo.org/show_bug.cgi?id=237778 "Upstream X developers have chosen to disable it on their own expertise and judgement of its usefulness. I'm not going to go against that." -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: Warning: No xauth data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jon TURNEY wrote: > Hmmm it seems that ssh needs to run xauth to do connection forwarding, but > is still trying to use /usr/X11R6/bin/xauth, rather than /usr/bin/xauth (and > prints a slightly misleading message in this case) > > In which case, until that is corrected somehow, you might add the following > line to your ~/.ssh/config and see if that improves matters > > XAuthLocation=/usr/bin/Xauth That should be /usr/bin/xauth with a small x. Only the servers start with a capital X. Yaakov Cygwin/X -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAkkd8/QACgkQpiWmPGlmQSMM3wCdFn/+im1QRxXp8WSjGG/vHgnK rTgAoJuygbLP7rulrrS9kibelx37reXC =aTkW -END PGP SIGNATURE- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: Warning: No xauth data
Jon TURNEY wrote: > Chuck wrote: >> Started getting this warning on ssh sessions that forward X11 after >> upgrading to the new X11 package yesterday. I forward X11 on all ssh >> connections via a line in ~/.ssh/ssh_config. > > Hmmm it seems that ssh needs to run xauth to do connection forwarding, but > is still trying to use /usr/X11R6/bin/xauth, rather than /usr/bin/xauth (and > prints a slightly misleading message in this case) > > In which case, until that is corrected somehow, you might add the following > line to your ~/.ssh/config and see if that improves matters > > XAuthLocation=/usr/bin/Xauth > Already tried that. It introduces yet another warning: Warning: untrusted X11 forwarding setup failed: xauth key data not generated -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: Warning: No xauth data
Chuck wrote: > Started getting this warning on ssh sessions that forward X11 after > upgrading to the new X11 package yesterday. I forward X11 on all ssh > connections via a line in ~/.ssh/ssh_config. Hmmm it seems that ssh needs to run xauth to do connection forwarding, but is still trying to use /usr/X11R6/bin/xauth, rather than /usr/bin/xauth (and prints a slightly misleading message in this case) In which case, until that is corrected somehow, you might add the following line to your ~/.ssh/config and see if that improves matters XAuthLocation=/usr/bin/Xauth > I don't really understand > X11 security (and never needed to up until now). Can someone please tell > me how to fix this warning or point me to a resource that explains what > it is and how to fix it? Google returned about 50 million hits and all > I've found so far is messages from other people either asking the same > question, or saying to just igore it. I'm not the type who likes to > just ignore a warning if it can be fixed properly. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: Warning: No xauth data - ssh looking for xauth in wrong location?
Chuck wrote: > Started getting this warning on ssh sessions that forward X11 after > upgrading to the new X11 package yesterday. I forward X11 on all ssh > connections via a line in ~/.ssh/ssh_config. I don't really understand > X11 security (and never needed to up until now). Can someone please tell > me how to fix this warning or point me to a resource that explains what > it is and how to fix it? Google returned about 50 million hits and all > I've found so far is messages from other people either asking the same > question, or saying to just ingore it. I'm not the type who likes to > just ignore a warning if it can be fixed properly. Found this setting in the man page for ssh_config: XAuthLocation. It defaults to /usr/X11R6/bin/xauth which is the *OLD* location for the xauth program. I installed the new xauth program which gets placed in /usr/bin, and added the following line to my ~/.ssh/config file... XAuthLocation /usr/bin/xauth Now when I connect to a remote host with X11 forwarding on I get this warning... Warning: untrusted X11 forwarding setup failed: xauth key data not generated Would appreciate any help in getting rid of these annoying warnings. Thanks. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: Warning: No xauth data; using fake authentication data for x11 forwarding
On Tue, 26 Oct 2004, Jim Drash wrote: > use "ssh -X" instead NO! ssh -X uses an UNTRUSTED X11 connection while ssh -Y uses a trusted connection. If you're not sure about what you say then don't mess with the users. This was one of most frequently asked questions a few months ago and I don't want to start answering the same question every day. ssh -Y is fine for all daily usage. If you know what you're dooing then use -X. But don't bother the mailinglist with strange errors which did not occur before. > > When I connect from cygwin to a remote host using 'ssh -Y', I get the > > warning: > > > > Warning: No xauth data; using fake authentication data for x11 forwarding > > > > How can I fix this? Live with it. It's just a warning. If it really bothers you then setup xauth. man Xsecurity will give you a quite detailed introduction to the whole X11 authentication schemes. But this is a quite complex task. There have been some threads on the mailing list about this topic (search for md5sum and xauth). bye ago -- [EMAIL PROTECTED] http://www.gotti.org ICQ: 126018723
Re: Warning: No xauth data; using fake authentication data for x11 forwarding
use "ssh -X" instead On Tue, 26 Oct 2004 14:36:36 -0400 (EDT), [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > When I connect from cygwin to a remote host using 'ssh -Y', I get the > warning: > > Warning: No xauth data; using fake authentication data for x11 forwarding > > How can I fix this? > > Thanks! > > kj >
