1 |
Review: |
2 |
|
3 |
My understanding was that this message was due to the lack of an |
4 |
.Xauthority file: |
5 |
|
6 |
Warning: untrusted X11 forwarding setup failed: xauth key data not generated |
7 |
|
8 |
Trying to generate one with |
9 |
|
10 |
xauth generate $DISPLAY . |
11 |
|
12 |
yielded: |
13 |
|
14 |
xauth: (argv):1: couldn't query Security extension on display ":0" |
15 |
|
16 |
lead me to the discovery that the security extension was not enabled in |
17 |
the server. That's when I wrote the original posting. |
18 |
|
19 |
Then I realized that I could go from one gentoo machine to the other, |
20 |
just not in the other direction. The equery command told me both |
21 |
servers were compiled with the same USE flags. |
22 |
|
23 |
So, I captured the -vvv output from both ssh sessions and I see this: |
24 |
|
25 |
151,152c161,165 |
26 |
< debug2: client_x11_get_proto: xauth command: /usr/bin/xauth -f |
27 |
/tmp/ssh-xxxxxxxx/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted |
28 |
timeout 1260 2>/dev/null |
29 |
< Warning: untrusted X11 forwarding setup failed: xauth key data not |
30 |
generated |
31 |
--- |
32 |
> debug2: x11_get_proto: /usr/bin/xauth list :0 2>/dev/null |
33 |
> Warning: No xauth data; using fake authentication data for X11 |
34 |
forwarding. |
35 |
> debug1: Requesting X11 forwarding with authentication spoofing. |
36 |
> debug2: channel 0: request x11-req confirm 1 |
37 |
> debug3: send packet: type 98 |
38 |
|
39 |
If I interpret that correctly, one simply failed, and the other used |
40 |
fake security. Someone subsequently mentioned that the -Y flag would |
41 |
generate the .Xauthority file, which I tested and saw that that indeed |
42 |
was true - although, the thusly generated .Xauthority file did *not* |
43 |
allow a subsequent usage with -X. It's not clear to me at this point |
44 |
why I'm configured on the one machine to allow fake security data, but I |
45 |
intend to rebuild the servers with the security extensions enabled. |
46 |
|
47 |
|
48 |
On 12/22/19 22:17, n952162 wrote: |
49 |
> |
50 |
> xauth(1) says: |
51 |
> |
52 |
> /if [the X server] does not support the SECURITY extension, the |
53 |
> [generate] command fails./ |
54 |
> |
55 |
> The xauth command is used to generate the .Xauthority file, which is |
56 |
> required for X11Forwarding. |
57 |
> |
58 |
> But the Security Extension is not enabled by default: |
59 |
> |
60 |
> - - xcsecurity : Build Security extension |
61 |
> |
62 |
> but I don't find anybody asking why X11 forwarding doesn't work under |
63 |
> gentoo. What am I missing? |
64 |
> |