This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: Trusted vs untrusted ssh/X connections
- From: "Larry Hall (Cygwin)" <reply-to-list-only-lh at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Thu, 19 Jun 2014 22:37:41 -0400
- Subject: Re: Trusted vs untrusted ssh/X connections
- Authentication-results: sourceware.org; auth=none
- References: <lnvgv8$j3e$1 at ger dot gmane dot org>
- Reply-to: cygwin at cygwin dot com
On 06/19/2014 04:25 PM, Andrew DeFaria wrote:
> This is something that's been bothering me for a long time and I thought I
> might look into it a little deeper. I'm not sure if I should post this here
> because it involves Cygwin/X but it also involves OpenSSH.

Actually, this is probably off-topic since I don't see anything Cygwin-
specific about setting up ssh/X connections.

> When I ssh into a Linux machine using ForwardX11 I get those familiar messages:
> Warning: untrusted X11 forwarding setup failed: xauth key data not generated
> and according to https://cygwin.com/ml/cygwin-xfree/2008-11/msg00154.html:
> > The warning can be silenced by using ssh -Y, since that
> > is what ssh -X is doing now anyway.
> However, I find -Y to be 20 times slower to log in than -X:

This is probably a configuration issue since when I ssh into my Linux system,
login time is roughly equivalent.

> Adefaria-lt:time ssh cm-job-ldev01 echo 'hi'
> Warning: untrusted X11 forwarding setup failed: xauth key data not generated
> Warning: No xauth data; using fake authentication data for X11 forwarding.
> /usr/bin/xauth: error in locking authority file /home/adefaria/.Xauthority
> hi
> real 0m2.387s
> user 0m0.075s
> sys 0m0.446s
> Adefaria-lt:time ssh -Y cm-job-ldev01 echo 'hi'
> Warning: No xauth data; using fake authentication data for X11 forwarding.
> hi
> /usr/bin/xauth: error in locking authority file /home/adefaria/.Xauthority
> real 0m22.476s
> user 0m0.091s
> sys 0m0.477s
> Adefaria-lt:
> Bonus points if you can help me get rid of the other errors!

I believe the error regarding the .Xauthority file has something to do with
the permissions on the file. As for the warning, I believe you want to
unset DISPLAY on your PC, set X11Forwarding to "yes" on your Linux machine
in your sshd_config file, and X11Forward to "yes" in your ssh_config file
(for instance) on your PC. At least, that's what I gathered from searching
around on the net for the information. :-)
I think it goes without saying that enabling X11Forwarding opens up
some security holes in X. Oops, looks like I said it anyway. ;-)
--
Larry
_____________________________________________________________________
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
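
The "error in locking authority file" message in the session quoted above can be checked directly on the machine that prints it. The following is an added example, not part of either poster's message: check_xauthority is a hypothetical helper name, and it assumes the "-c" and "-l" lock-file suffixes that libXau creates beside the authority file.

```shell
#!/bin/sh
# Added example (not from the thread). check_xauthority is a hypothetical
# helper; the "-c" and "-l" lock-file suffixes are the ones libXau's
# XauLockAuth() creates next to the authority file.
# Usage: check_xauthority [FILE]   (default: $XAUTHORITY, then ~/.Xauthority)
check_xauthority() {
    f=${1:-${XAUTHORITY:-$HOME/.Xauthority}}
    dir=$(dirname "$f")
    findings=0

    # xauth creates its lock files in the directory that holds the file.
    if [ ! -w "$dir" ]; then
        echo "FAIL: $dir is not writable, so no lock file can be created"
        findings=$((findings + 1))
    fi

    # A lock left behind by an interrupted xauth blocks later runs.
    for suffix in -c -l; do
        if [ -e "$f$suffix" ]; then
            echo "FAIL: lock file $f$suffix exists (stale if no xauth is running; xauth -b breaks it)"
            findings=$((findings + 1))
        fi
    done

    if [ -e "$f" ]; then
        # A file owned by another user (for example root) cannot be rewritten.
        if [ ! -w "$f" ]; then
            echo "FAIL: $f is not writable by $(id -un)"
            findings=$((findings + 1))
        fi
        # Not a locking problem, but the cookie should be private to its
        # owner: characters 5-10 of the ls mode string are group/other bits.
        perms=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "WARN: $f is accessible to group/others (chmod 600)"
            findings=$((findings + 1))
        fi
    fi

    # Exit status 0 only when nothing was reported.
    [ "$findings" -eq 0 ]
}
```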