| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:date:from:reply-to:mime-version:to | |
| :subject:references:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=TZkKmomFwy5PHa0q | |
| r6NK+FumVI1epM22iS9o8mGixzCKyRgZWnDFsA0A1aL7ZXpifiCpgs9Zq2IKw4zm | |
| /WYhKBvxuuO/C2CLj1V96I6y0MCoXVoAE/I6MKIRYxyHSBtGlr2TuIozC7XQRdl6 | |
| zjoGb3N0k3Z3Mc2p8I4HAlnrRHA= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:date:from:reply-to:mime-version:to | |
| :subject:references:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=NnEfE5mvjiu8lU5xlcsdv0 | |
| ntX2Y=; b=WEcXuf+UkFGBVs4VDCxMS03otmzhnNnaIYE6JVRCzJw3l6SwhuagfL | |
| UYPdb4JEnCpHiSSbOOtrSlSx+I0Iedyc+IwDoHXzZMqEDklTVOyvu1C2bWpNcm/I | |
| 3bB1MzrcVVwYLIZJARMnDic3Sfy1rtXUMZdRBNdyTl373XylKVSX4= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=0.0 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 |
| X-HELO: | vms173025pub.verizon.net |
| Message-id: | <53A39E75.5030305@cygwin.com> |
| Date: | Thu, 19 Jun 2014 22:37:41 -0400 |
| From: | "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com> |
| Reply-to: | cygwin AT cygwin DOT com |
| User-Agent: | Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
| MIME-version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Trusted vs untrusted ssh/X connections |
| References: | <lnvgv8$j3e$1 AT ger DOT gmane DOT org> |
| In-reply-to: | <lnvgv8$j3e$1@ger.gmane.org> |
On 06/19/2014 04:25 PM, Andrew DeFaria wrote: > This is something that's been bothering me for a long time and I thought I > might look into it a little deeper. I'm not sure if I should post this here > because it involves Cygwin/X but it also involves OpenSSh. Actually, this is probably off-topic since I don't see anything Cygwin- specific about setting up ssh/X connections. > When I ssh into a Linux machine using ForwardX11 I get those familiar messages: > > Warning: untrusted X11 forwarding setup failed: xauth key data not generated > > and according to https://cygwin.com/ml/cygwin-xfree/2008-11/msg00154.html: > The warning can be silenced by using ssh -Y, since that > is what ssh -X is doing now anyway. > > However, I find -Y to be 20 times slower to log in than -X: This is probably a configuraton issue since when I ssh into my Linux system, login time is roughly equivalent. > Adefaria-lt:time ssh cm-job-ldev01 echo 'hi' > Warning: untrusted X11 forwarding setup failed: xauth key data not generated > Warning: No xauth data; using fake authentication data for X11 forwarding. > /usr/bin/xauth: error in locking authority file /home/adefaria/.Xauthority > hi > > real 0m2.387s > user 0m0.075s > sys 0m0.446s > Adefaria-lt:time ssh -Y cm-job-ldev01 echo 'hi' > Warning: No xauth data; using fake authentication data for X11 forwarding. > hi > /usr/bin/xauth: error in locking authority file /home/adefaria/.Xauthority > > real 0m22.476s > user 0m0.091s > sys 0m0.477s > Adefaria-lt: > > Bonus points if you can help me get right of the other errors! I believe the error regarding the .Xauthority file has something to do with the permissions on the file. As for the warning, I believe you want to unset DISPLAY on your PC, set X11Forwarding to "yes" on your Linux machine in your sshd_config file, and X11Forward to "yes" in you ssh_config file (for instance) on your PC. At least, that's what I gathered from searching around on the net for the information. :-) I think it goes without saying that enabling X11Forwarding opens up some security holes in X. Oops, looks like I said it anyway. ;-) -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |