| 1 |
Review: |
| 2 |
|
| 3 |
My understanding was that this message was due to the lack of an |
| 4 |
.Xauthority file: |
| 5 |
|
| 6 |
Warning: untrusted X11 forwarding setup failed: xauth key data not generated |
| 7 |
|
| 8 |
Trying to generate one with |
| 9 |
|
| 10 |
xauth generate $DISPLAY . |
| 11 |
|
| 12 |
yielded: |
| 13 |
|
| 14 |
xauth: (argv):1: couldn't query Security extension on display ":0" |
| 15 |
|
| 16 |
lead me to the discovery that the security extension was not enabled in |
| 17 |
the server. That's when I wrote the original posting. |
| 18 |
|
| 19 |
Then I realized that I could go from one gentoo machine to the other, |
| 20 |
just not in the other direction. The equery command told me both |
| 21 |
servers were compiled with the same USE flags. |
| 22 |
|
| 23 |
So, I captured the -vvv output from both ssh sessions and I see this: |
| 24 |
|
| 25 |
151,152c161,165 |
| 26 |
< debug2: client_x11_get_proto: xauth command: /usr/bin/xauth -f |
| 27 |
/tmp/ssh-xxxxxxxx/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted |
| 28 |
timeout 1260 2>/dev/null |
| 29 |
< Warning: untrusted X11 forwarding setup failed: xauth key data not |
| 30 |
generated |
| 31 |
--- |
| 32 |
> debug2: x11_get_proto: /usr/bin/xauth list :0 2>/dev/null |
| 33 |
> Warning: No xauth data; using fake authentication data for X11 |
| 34 |
forwarding. |
| 35 |
> debug1: Requesting X11 forwarding with authentication spoofing. |
| 36 |
> debug2: channel 0: request x11-req confirm 1 |
| 37 |
> debug3: send packet: type 98 |
| 38 |
|
| 39 |
If I interpret that correctly, one simply failed, and the other used |
| 40 |
fake security. Someone subsequently mentioned that the -Y flag would |
| 41 |
generate the .Xauthority file, which I tested and saw that that indeed |
| 42 |
was true - although, the thusly generated .Xauthority file did *not* |
| 43 |
allow a subsequent usage with -X. It's not clear to me at this point |
| 44 |
why I'm configured on the one machine to allow fake security data, but I |
| 45 |
intend to rebuild the servers with the security extensions enabled. |
| 46 |
|
| 47 |
|
| 48 |
On 12/22/19 22:17, n952162 wrote: |
| 49 |
> |
| 50 |
> xauth(1) says: |
| 51 |
> |
| 52 |
> /if [the X server] does not support the SECURITY extension, the |
| 53 |
> [generate] command fails./ |
| 54 |
> |
| 55 |
> The xauth command is used to generate the .Xauthority file, which is |
| 56 |
> required for X11Forwarding. |
| 57 |
> |
| 58 |
> But the Security Extension is not enabled by default: |
| 59 |
> |
| 60 |
> - - xcsecurity : Build Security extension |
| 61 |
> |
| 62 |
> but I don't find anybody asking why X11 forwarding doesn't work under |
| 63 |
> gentoo. What am I missing? |
| 64 |
> |
Archives