This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Trusted vs untrusted ssh/X connections


On 06/19/2014 04:25 PM, Andrew DeFaria wrote:
This is something that's been bothering me for a long time and I thought I
might look into it a little deeper. I'm not sure if I should post this here
because it involves Cygwin/X but it also involves OpenSSh.

Actually, this is probably off-topic since I don't see anything Cygwin-
specific about setting up ssh/X connections.

When I ssh into a Linux machine using ForwardX11 I get those familiar messages:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated

and according to https://cygwin.com/ml/cygwin-xfree/2008-11/msg00154.html:
The warning can be silenced by using ssh -Y, since that
is what ssh -X is doing now anyway.

However, I find -Y to be 20 times slower to log in than -X:

This is probably a configuraton issue since when I ssh into my Linux system,
login time is roughly equivalent.

Adefaria-lt:time ssh cm-job-ldev01 echo 'hi'
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
/usr/bin/xauth:  error in locking authority file /home/adefaria/.Xauthority
hi

real    0m2.387s
user    0m0.075s
sys     0m0.446s
Adefaria-lt:time ssh -Y cm-job-ldev01 echo 'hi'
Warning: No xauth data; using fake authentication data for X11 forwarding.
hi
/usr/bin/xauth:  error in locking authority file /home/adefaria/.Xauthority

real    0m22.476s
user    0m0.091s
sys     0m0.477s
Adefaria-lt:

Bonus points if you can help me get right of the other errors!

I believe the error regarding the .Xauthority file has something to do with
the permissions on the file.  As for the warning, I believe you want to
unset DISPLAY on your PC, set X11Forwarding to "yes" on your Linux machine
in your sshd_config file, and X11Forward to "yes" in you ssh_config file
(for instance) on your PC.  At least, that's what I gathered from searching
around on the net for the information. :-)

I think it goes without saying that enabling X11Forwarding opens up
some security holes in X.  Oops, looks like I said it anyway. ;-)


--
Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]