ssh/openssh and X authentication
Brad
lists at anomie.dhis.net
Tue Dec 7 11:04:14 EST 1999
On 1999-11-29 at 15:29:37, Nigel Metheringham wrote:
> I've currently got a couple of boxes which obtain their IP address via
> DHCP, and as a consequence do not have a mapping in /etc/hosts for
> their own IP/name... but helpfully (!) they have their name mapping to
> 127.0.0.1
i have a similar setup here, except with names mapping to 0.0.0.0; i
forget why, but mapping to 127.0.0.1 didn't work well for me for some
reason. Probably i did something wrong.
> This breaks X authentication... - openssh (and also ssh) makes an
> apparently valid xauth entry, but all attempts to start clients gives
> "X11 connection rejected because of wrong authentication." Hacking the
> DISPLAY & xauth entries to use the real IP address of the box, or even
> 127.0.0.2 works fine, so it appears that something (maybe outside ssh)
> is special casing 127.0.0.1
I think it's X itself, using unix domain sockets to connect to the
localhost. opensshd only puts an internet domain entry in the xauth
file. I managed to solve it on my system by having sshd do a second
xauth with "/unix" inserted just before the ':' in the display variable
in sshd.c.
I've filed more information in the Debian GNU/Linux bug tracking
database, at <http://cgi.debian.org/cgi-bin/bugreport.cgi?bug=49944>.
I'm not subscribed to openssh-unix-dev, so CCs of replies would be
welcome.
--
finger for GPG public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/19991206/b5ebc680/attachment.bin
More information about the openssh-unix-dev
mailing list