Re: xauth failure when tunneling over ssh

2008-11-12 Thread Elliot Isaacson 
 On Tuesday 11 November 2008 21:27:38 Elliot Isaacson wrote:
  Hi,
 
  I've set up X11Forwarding on several linux servers before, but
  I've just wasted a day trying (unsuccessfully) to figure out
  why I can't get it working on freebsd (7.0-RELEASE GENERIC).
 
  I have not changed the defaults in the sshd_config file.
 
  One the client computer:
 
  $ xhost +
 
  $ ssh -Y 192.ip.of.server
  Warning: No xauth data; using fake authentication data for X11
  forwarding.
 
  /usr/local/bin/xauth:  creating new authority
  file /home/xxx/.Xauthority
  /usr/local/bin/xauth: (stdin):1:  bad display name unix:10.0
  in remove command
  /usr/local/bin/xauth: (stdin):2:  bad display name unix:10.0
  in add command
 
  [xxx@ ~] kcalc
  X11 connection rejected because of wrong authentication.
  kcalc: Fatal IO error: client killed
 
  [xxx@ ~] ls -a .Xauth*
  no results
 
  Now, when I go to the server and login directly, and do a
  startx, the x server starts fine, but there's still no
  .Xauthority file in the home directory. I find that odd.
 
  This also looks strange to me:
 
  [xxx@ ~] ps -aux | grep X
  root1470  0.0  2.7 65456 13668  v0  S 4:01PM   0:01.24
  X :0 -auth /home/xxx/.serverauth.1451 (Xorg)
 
  [xxx@ ~] ls -a /home/xxx/.serverauth*
  no results
 
  How could it authenticate with a non-existent file?
 
  Any pointers in the right direction would be greatly
  appreciated.

 I had the same problem when trying to SSH to the FreeBSD machines
 from Linux. If I remember correctly, I had to make a change to
 ssh_config on the Linux side to get things to work:

 Host *
   XAuthLocation /usr/bin/xauth

 It might also help if you would post sshd_config on the FreeBSD
 side.


Thanks for your suggestion. On my Linux system, the default path for 
ssh to find xauth is already /usr/bin/xauth (according to the man 
page). To be sure, I tried setting it explicitly but it still 
didn't work. I know that I can tunnel to other X servers, just not 
the FreeBSD one. My FreeBSD sshd_config is rather uninteresting 
because everything is commented out and using the defaults. For 
convenience's sake, here are some of the interesting lines:

#UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

I also tried doing it the old fashioned way and viewing the X 
clients over telnet, which worked fine. It's too insecure to do 
that from outside the local network, though.

Thanks,
Elliot Isaacson



  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: xauth failure when tunneling over ssh

2008-11-12 Thread Elliot Isaacson 

 On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote:
  #UsePAM yes
  #AllowTcpForwarding yes
  #GatewayPorts no
  #X11Forwarding yes
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  #PrintMotd yes
  #PrintLastLog yes
  #TCPKeepAlive yes
  #UseLogin no
  #UsePrivilegeSeparation yes
  #PermitUserEnvironment no
  #Compression delayed
  #ClientAliveInterval 0
  #ClientAliveCountMax 3
  #UseDNS yes
  #PidFile /var/run/sshd.pid
  #MaxStartups 10
  #PermitTunnel no

 Shouldn't PermitTunnel be set to yes  ?


Thanks for the suggestion. PermitTunnel has something to do with 
using a specific software network loopback device, tun(4). I don't 
think it has anything to do with forwarding traffic, X11 or 
otherwise, through an ssh tunnel. Just to be sure I tried switching 
that on, but it didn't seem to help.

This is a reiteration of the problem so no one has to sift though 
the archives to find it:

$ xhost +

$ ssh -Y 192.ip.of.freebsdserver
Warning: No xauth data; using fake authentication data for X11 
forwarding.

/usr/local/bin/xauth: 


  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

xauth failure when tunneling over ssh

2008-11-11 Thread Elliot Isaacson 
Hi,

I've set up X11Forwarding on several linux servers before, but I've 
just wasted a day trying (unsuccessfully) to figure out why I can't 
get it working on freebsd (7.0-RELEASE GENERIC).

I have not changed the defaults in the sshd_config file.

One the client computer:

$ xhost +

$ ssh -Y 192.ip.of.server
Warning: No xauth data; using fake authentication data for X11 
forwarding.

/usr/local/bin/xauth:  creating new authority 
file /home/xxx/.Xauthority
/usr/local/bin/xauth: (stdin):1:  bad display name unix:10.0 
in remove command
/usr/local/bin/xauth: (stdin):2:  bad display name unix:10.0 
in add command

[xxx@ ~] kcalc
X11 connection rejected because of wrong authentication.
kcalc: Fatal IO error: client killed

[xxx@ ~] ls -a .Xauth*
no results

Now, when I go to the server and login directly, and do a startx, 
the x server starts fine, but there's still no .Xauthority file in 
the home directory. I find that odd.

This also looks strange to me:

[xxx@ ~] ps -aux | grep X
root1470  0.0  2.7 65456 13668  v0  S 4:01PM   0:01.24 
X :0 -auth /home/xxx/.serverauth.1451 (Xorg)

[xxx@ ~] ls -a /home/xxx/.serverauth*
no results

How could it authenticate with a non-existent file?

Any pointers in the right direction would be greatly appreciated.

Thanks,
Elliot



  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]