xauth warning
Phil Dybvig
fedora at ducksoup.afree.net
Sat Aug 7 16:00:01 UTC 2004
netmask --
Thanks for your message.
>Date: Sat, 7 Aug 2004 08:31:45 -0700 (PDT)
>From: netmask <netmask at enZotech.net>
>
>> Warning: No xauth data; using fake authentication data for X11 forwarding.
>>
>> This sounds like a possible security problem. Does anyone know what this
means?
>> I am using window maker, so it is possible this is something that would be
cared
>> for automatically by gnome.
>
>Turn on verbose flags when you ssh and see if it's complaining about missing
>xauth.. (ssh -v -v user at box.com).
Verbose mode doesn't help me much but maybe you can learn something from it.
debug1: channel 0: request pty-req
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
(lots more of the tty_make_modes here)
debug3: tty_make_modes: 93 0
debug2: x11_get_proto: /usr/X11R6/bin/xauth list unix:12.0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel 0: request x11-req
debug1: channel 0: request shell
This is verbosity 3 (ssh -vvv hostname); strangely enough the warning I
originally asked about disappears when moving from verbosity 2 to verbosity 3.
> make sure xauth is in your path
It is, and /usr/X11R6/bin/xauth in the debug messages is the correct path (on
both machines), and I can run '/usr/X11R6/bin/xauth list unix:(display #)' by
hand and it returns a list of cookies with keys. I don't think there is trouble
finding xauth.
>Alternatively, if you aren't doing X11 forwarding, ...
I am. :-)
At one point, I thought maybe I needed to generate a key in ~/.Xauthority, but
either that wasn't the problem or I did not do it correctly.
-- Phil
More information about the fedora-list
mailing list