Re: xauth failure when tunneling over ssh
On Tuesday 11 November 2008 21:27:38 Elliot Isaacson wrote: Hi, I've set up X11Forwarding on several linux servers before, but I've just wasted a day trying (unsuccessfully) to figure out why I can't get it working on freebsd (7.0-RELEASE GENERIC). I have not changed the defaults in the sshd_config file. One the client computer: $ xhost + $ ssh -Y 192.ip.of.server Warning: No xauth data; using fake authentication data for X11 forwarding. /usr/local/bin/xauth: creating new authority file /home/xxx/.Xauthority /usr/local/bin/xauth: (stdin):1: bad display name unix:10.0 in remove command /usr/local/bin/xauth: (stdin):2: bad display name unix:10.0 in add command [xxx@ ~] kcalc X11 connection rejected because of wrong authentication. kcalc: Fatal IO error: client killed [xxx@ ~] ls -a .Xauth* no results Now, when I go to the server and login directly, and do a startx, the x server starts fine, but there's still no .Xauthority file in the home directory. I find that odd. This also looks strange to me: [xxx@ ~] ps -aux | grep X root1470 0.0 2.7 65456 13668 v0 S 4:01PM 0:01.24 X :0 -auth /home/xxx/.serverauth.1451 (Xorg) [xxx@ ~] ls -a /home/xxx/.serverauth* no results How could it authenticate with a non-existent file? Any pointers in the right direction would be greatly appreciated. I had the same problem when trying to SSH to the FreeBSD machines from Linux. If I remember correctly, I had to make a change to ssh_config on the Linux side to get things to work: Host * XAuthLocation /usr/bin/xauth It might also help if you would post sshd_config on the FreeBSD side. Thanks for your suggestion. On my Linux system, the default path for ssh to find xauth is already /usr/bin/xauth (according to the man page). To be sure, I tried setting it explicitly but it still didn't work. I know that I can tunnel to other X servers, just not the FreeBSD one. My FreeBSD sshd_config is rather uninteresting because everything is commented out and using the defaults. For convenience's sake, here are some of the interesting lines: #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no I also tried doing it the old fashioned way and viewing the X clients over telnet, which worked fine. It's too insecure to do that from outside the local network, though. Thanks, Elliot Isaacson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: xauth failure when tunneling over ssh
On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote: #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no Shouldn't PermitTunnel be set to yes ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: xauth failure when tunneling over ssh
On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote: #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no Shouldn't PermitTunnel be set to yes ? Thanks for the suggestion. PermitTunnel has something to do with using a specific software network loopback device, tun(4). I don't think it has anything to do with forwarding traffic, X11 or otherwise, through an ssh tunnel. Just to be sure I tried switching that on, but it didn't seem to help. This is a reiteration of the problem so no one has to sift though the archives to find it: $ xhost + $ ssh -Y 192.ip.of.freebsdserver Warning: No xauth data; using fake authentication data for X11 forwarding. /usr/local/bin/xauth: ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: xauth failure when tunneling over ssh
On Wednesday 12 November 2008 18:20:00 Elliot Isaacson wrote: On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote: #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no Shouldn't PermitTunnel be set to yes ? Thanks for the suggestion. PermitTunnel has something to do with using a specific software network loopback device, tun(4). I don't think it has anything to do with forwarding traffic, X11 or otherwise, through an ssh tunnel. Just to be sure I tried switching that on, but it didn't seem to help. This is a reiteration of the problem so no one has to sift though the archives to find it: $ xhost + $ ssh -Y 192.ip.of.freebsdserver Warning: No xauth data; using fake authentication data for X11 forwarding. /usr/local/bin/xauth: and try 'ssh -X' instead of 'ssh -Y' I use 'ssh -X' ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: xauth failure when tunneling over ssh
On Wednesday 12 November 2008 18:20:00 Elliot Isaacson wrote: On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote: #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no Shouldn't PermitTunnel be set to yes ? Thanks for the suggestion. PermitTunnel has something to do with using a specific software network loopback device, tun(4). I don't think it has anything to do with forwarding traffic, X11 or otherwise, through an ssh tunnel. Just to be sure I tried switching that on, but it didn't seem to help. This is a reiteration of the problem so no one has to sift though the archives to find it: $ xhost + $ ssh -Y 192.ip.of.freebsdserver Warning: No xauth data; using fake authentication data for X11 forwarding. /usr/local/bin/xauth: In case you have not done so, you should also check /etc/ssh/ssh_config on the client machines. I had to add something like this on my client machine which is Linux: Host localhost HostName 127.0.0.1 ForwardAgent yes ForwardX11 yes ForwardX11Trusted yes PubkeyAuthentication yes PasswordAuthentication yes Protocol 2 Host * ForwardAgent no ForwardX11 no ForwardX11Trusted yes XAuthLocation /usr/bin/xauth If you are using gdm on the server, you might try shutting that down for testing. I seem to recall having to modify some setting in gdm that had to do with xauth. I did not make a note of what I did though. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: xauth failure when tunneling over ssh
On Wednesday 12 November 2008 18:58:18 Pollywog wrote: On Wednesday 12 November 2008 18:20:00 Elliot Isaacson wrote: On Wednesday 12 November 2008 15:51:42 Elliot Isaacson wrote: #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no Shouldn't PermitTunnel be set to yes ? Thanks for the suggestion. PermitTunnel has something to do with using a specific software network loopback device, tun(4). I don't think it has anything to do with forwarding traffic, X11 or otherwise, through an ssh tunnel. Just to be sure I tried switching that on, but it didn't seem to help. This is a reiteration of the problem so no one has to sift though the archives to find it: $ xhost + $ ssh -Y 192.ip.of.freebsdserver Warning: No xauth data; using fake authentication data for X11 forwarding. /usr/local/bin/xauth: In case you have not done so, you should also check /etc/ssh/ssh_config on the client machines. I had to add something like this on my client machine which is Linux: Host localhost HostName 127.0.0.1 ForwardAgent yes ForwardX11 yes ForwardX11Trusted yes PubkeyAuthentication yes PasswordAuthentication yes Protocol 2 Host * ForwardAgent no ForwardX11 no ForwardX11Trusted yes XAuthLocation /usr/bin/xauth If you are using gdm on the server, you might try shutting that down for testing. I seem to recall having to modify some setting in gdm that had to do with xauth. I did not make a note of what I did though. If you run gdm on the server: I checked one of my boxes which runs Linux and I have this in /etc/gdm/gdm.conf UserAuthFBDir=/tmp UserAuthFile=.Xauthority I don't believe this was set by default, I believe it was commented out on my FreeBSD box and it was causing problems until I uncommented the two lines. You might try running 'ssh -vv hostname' when connecting from the command line if you have not tried that. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
xauth failure when tunneling over ssh
Hi, I've set up X11Forwarding on several linux servers before, but I've just wasted a day trying (unsuccessfully) to figure out why I can't get it working on freebsd (7.0-RELEASE GENERIC). I have not changed the defaults in the sshd_config file. One the client computer: $ xhost + $ ssh -Y 192.ip.of.server Warning: No xauth data; using fake authentication data for X11 forwarding. /usr/local/bin/xauth: creating new authority file /home/xxx/.Xauthority /usr/local/bin/xauth: (stdin):1: bad display name unix:10.0 in remove command /usr/local/bin/xauth: (stdin):2: bad display name unix:10.0 in add command [xxx@ ~] kcalc X11 connection rejected because of wrong authentication. kcalc: Fatal IO error: client killed [xxx@ ~] ls -a .Xauth* no results Now, when I go to the server and login directly, and do a startx, the x server starts fine, but there's still no .Xauthority file in the home directory. I find that odd. This also looks strange to me: [xxx@ ~] ps -aux | grep X root1470 0.0 2.7 65456 13668 v0 S 4:01PM 0:01.24 X :0 -auth /home/xxx/.serverauth.1451 (Xorg) [xxx@ ~] ls -a /home/xxx/.serverauth* no results How could it authenticate with a non-existent file? Any pointers in the right direction would be greatly appreciated. Thanks, Elliot ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: xauth failure when tunneling over ssh
On Tuesday 11 November 2008 21:27:38 Elliot Isaacson wrote: Hi, I've set up X11Forwarding on several linux servers before, but I've just wasted a day trying (unsuccessfully) to figure out why I can't get it working on freebsd (7.0-RELEASE GENERIC). I have not changed the defaults in the sshd_config file. One the client computer: $ xhost + $ ssh -Y 192.ip.of.server Warning: No xauth data; using fake authentication data for X11 forwarding. /usr/local/bin/xauth: creating new authority file /home/xxx/.Xauthority /usr/local/bin/xauth: (stdin):1: bad display name unix:10.0 in remove command /usr/local/bin/xauth: (stdin):2: bad display name unix:10.0 in add command [xxx@ ~] kcalc X11 connection rejected because of wrong authentication. kcalc: Fatal IO error: client killed [xxx@ ~] ls -a .Xauth* no results Now, when I go to the server and login directly, and do a startx, the x server starts fine, but there's still no .Xauthority file in the home directory. I find that odd. This also looks strange to me: [xxx@ ~] ps -aux | grep X root1470 0.0 2.7 65456 13668 v0 S 4:01PM 0:01.24 X :0 -auth /home/xxx/.serverauth.1451 (Xorg) [xxx@ ~] ls -a /home/xxx/.serverauth* no results How could it authenticate with a non-existent file? Any pointers in the right direction would be greatly appreciated. I had the same problem when trying to SSH to the FreeBSD machines from Linux. If I remember correctly, I had to make a change to ssh_config on the Linux side to get things to work: Host * XAuthLocation /usr/bin/xauth It might also help if you would post sshd_config on the FreeBSD side. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]