This is the mail archive of the cygwin-xfree mailing list for the Cygwin XFree86 project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Warning: No xauth data


Yaakov (Cygwin Ports) wrote:
> Jon TURNEY wrote:
>> Hmmm.... it seems that ssh needs to run xauth to do connection forwarding, but
>> is still trying to use /usr/X11R6/bin/xauth, rather than /usr/bin/xauth (and
>> prints a slightly misleading message in this case)
>
>> In which case, until that is corrected somehow, you might add the following
>> line to your ~/.ssh/config and see if that improves matters
>
>> XAuthLocation=/usr/bin/Xauth
>
> That should be /usr/bin/xauth with a small x.  Only the servers start
> with a capital X.

Curse my fat fingers!

> Already tried that. It introduces yet another warning:
> 
> Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Ok, you're back on the map now :-)

http://x.cygwin.com/docs/faq/cygwin-x-faq.html#remote

You must choose between:

i) adding ""ForwardX11Trusted yes" to your .ssh/config and/or invoking ssh as
ssh -Y

(which is to say that you trust the machine you are ssh-ing to hasn't been
hacked or doesn't have a malicious root user who wishes to monitor your
keystrokes and display, or your information is so worthless that you don't
care if it is)

ii) Reading the warning every time that ssh is giving you that it can't make
the X clients it is going to forward untrusted (i.e. they are trusted to do
all the bad things mentioned above)

This is not security advice.  Choose wisely, padawan! :-)



The previous X server had the XCSECURITY extension enabled, and ssh was able
to setup untrusted X11 forwarding and not issue this warning.  There seems to
be some doubt about the actual security this was offering.

"man ssh_config" claims that 'the xauth(1) token used for the session will be
set to expire after 20 minutes.  Remote clients will be refused access after
this time.'.  If that was actually working that would surely be incredibly
annoying...

To quote from this bug http://bugs.gentoo.org/show_bug.cgi?id=237778
"Upstream X developers have chosen to disable it on their own expertise and
judgement of its usefulness. I'm not going to go against that."

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://x.cygwin.com/docs/
FAQ:                   http://x.cygwin.com/docs/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]