Mail Archives: cygwin/2014/06/20/14:38:00

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
From: Andrew DeFaria <Andrew AT DeFaria DOT com>
Subject: Re: Trusted vs untrusted ssh/X connections
Date: Fri, 20 Jun 2014 11:37:23 -0700
Lines: 91
Message-ID: <lo1v13$8kt$1@ger.gmane.org>
References: <lnvgv8$j3e$1 AT ger DOT gmane DOT org> <53A39E75 DOT 5030305 AT cygwin DOT com>
Mime-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
In-Reply-To: <53A39E75.5030305@cygwin.com>
X-IsSubscribed: yes

On 6/19/2014 7:37 PM, Larry Hall (Cygwin) wrote:
> On 06/19/2014 04:25 PM, Andrew DeFaria wrote:
>> This is something that's been bothering me for a long time and I thought I
>> might look into it a little deeper. I'm not sure if I should post this here
>> because it involves Cygwin/X but it also involves OpenSSH.
>
> Actually, this is probably off-topic since I don't see anything Cygwin-
> specific about setting up ssh/X connections.

But I get the "untrusted X11 forwarding" error only when I ssh from 
Cygwin -> Linux using -X.

>
>> When I ssh into a Linux machine using ForwardX11 I get those familiar
>> messages:
>>
>> Warning: untrusted X11 forwarding setup failed: xauth key data not
>> generated
>>
>> and according to
>> https://cygwin.com/ml/cygwin-xfree/2008-11/msg00154.html:
>> The warning can be silenced by using ssh -Y, since that
>> is what ssh -X is doing now anyway.
>>
>> However, I find -Y to be 20 times slower to log in than -X:
>
> This is probably a configuration issue since when I ssh into my Linux system,
> login time is roughly equivalent.

Any ideas of what configuration file I should be looking at and what that 
configuration option would be?

>
>> Adefaria-lt:time ssh cm-job-ldev01 echo 'hi'
>> Warning: untrusted X11 forwarding setup failed: xauth key data not
>> generated
>> Warning: No xauth data; using fake authentication data for X11
>> forwarding.
>> /usr/bin/xauth:  error in locking authority file
>> /home/adefaria/.Xauthority
>> hi
>>
>> real    0m2.387s
>> user    0m0.075s
>> sys     0m0.446s
>> Adefaria-lt:time ssh -Y cm-job-ldev01 echo 'hi'
>> Warning: No xauth data; using fake authentication data for X11
>> forwarding.
>> hi
>> /usr/bin/xauth:  error in locking authority file
>> /home/adefaria/.Xauthority
>>
>> real    0m22.476s
>> user    0m0.091s
>> sys     0m0.477s
>> Adefaria-lt:
>>
>> Bonus points if you can help me get rid of the other errors!
>
> I believe the error regarding the .Xauthority file has something to do with
> the permissions on the file.  As for the warning, I believe you want to
> unset DISPLAY on your PC, set X11Forwarding to "yes" on your Linux machine
> in your sshd_config file, and X11Forward to "yes" in your ssh_config file
> (for instance) on your PC.  At least, that's what I gathered from searching
> around on the net for the information. :-)

My experience with this is that if DISPLAY is not set and you ssh -X (or 
-Y) then on the other side DISPLAY is not set:

Adefaria-lt:echo $DISPLAY
:0
Adefaria-lt:ssh cm-job-ldev01 'echo $DISPLAY'
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
/usr/bin/xauth:  error in locking authority file /home/adefaria/.Xauthority
localhost:11.0
Adefaria-lt:unset DISPLAY
Adefaria-lt:ssh cm-job-ldev01 'echo $DISPLAY'

Adefaria-lt:

> I think it goes without saying that enabling X11Forwarding opens up
> some security holes in X.  Oops, looks like I said it anyway. ;-)

Inside the intranet, this is not a concern for me.
-- 
Andrew DeFaria
http://defaria.com
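
The thread turns on the difference between untrusted (-X) and trusted (-Y) forwarding. The script below is an added example, not part of the original message: it classifies the forwarding mode from client settings in the "keyword value" form that `ssh -G <host>` prints. The function names and the sample settings are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify X11 forwarding from effective client settings in the
# "keyword value" form printed by `ssh -G <host>` (OpenSSH 6.8 and later).

# Reads settings on stdin; prints one of: off | untrusted | trusted
x11_mode() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "forwardx11"        { fwd = val }
        key == "forwardx11trusted" { trusted = val }
        END {
            if (fwd != "yes")          print "off"
            else if (trusted == "yes") print "trusted"
            else                       print "untrusted"
        }'
}

# Constructed samples standing in for `ssh -G` output (not captured from a host).
# sample_dash_x assumes ForwardX11Trusted is left at "no" in the client config.
sample_plain()  { printf '%s\n' 'forwardx11 no'  'forwardx11trusted no'; }
sample_dash_x() { printf '%s\n' 'forwardx11 yes' 'forwardx11trusted no' 'forwardx11timeout 1200'; }
sample_dash_y() { printf '%s\n' 'forwardx11 yes' 'forwardx11trusted yes'; }

# Prints a one-line report for the settings on stdin; $1 is a label.
report() {
    mode=$(x11_mode)
    case $mode in
        trusted)   note='remote X clients have full access to the local display' ;;
        untrusted) note='remote X clients are treated as untrusted (X SECURITY extension)' ;;
        *)         note='no X11 forwarding requested' ;;
    esac
    printf '%-8s %-10s %s\n' "$1" "$mode" "$note"
}

sample_plain  | report 'ssh'
sample_dash_x | report 'ssh -X'
sample_dash_y | report 'ssh -Y'
```

On a live client, piping `ssh -G cm-job-ldev01` into `x11_mode` shows which mode the configuration files select for that host.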

