ssh/openssh and X authentication

Brad lists at anomie.dhis.net
Tue Dec 7 11:04:14 EST 1999


On 1999-11-29 at 15:29:37, Nigel Metheringham wrote:
> I've currently got a couple of boxes which obtain their IP address via 
> DHCP, and as a consequence do not have a mapping in /etc/hosts for 
> their own IP/name... but helpfully (!) they have their name mapping to 
> 127.0.0.1

I have a similar setup here, except with names mapping to 0.0.0.0; I
forget why, but mapping to 127.0.0.1 didn't work well for me for some
reason. Probably I did something wrong.

> This breaks X authentication... - openssh (and also ssh) makes an 
> apparently valid xauth entry, but all attempts to start clients give 
> "X11 connection rejected because of wrong authentication."  Hacking the 
> DISPLAY & xauth entries to use the real IP address of the box, or even 
> 127.0.0.2 works fine, so it appears that something (maybe outside ssh) 
> is special casing 127.0.0.1

I think it's X itself, using unix domain sockets to connect to the
localhost. opensshd only puts an internet domain entry in the xauth
file. I managed to solve it on my system by having sshd do a second
xauth with "/unix" inserted just before the ':' in the display variable
in sshd.c.

I've filed more information in the Debian GNU/Linux bug tracking
database, at <http://cgi.debian.org/cgi-bin/bugreport.cgi?bug=49944>.
I'm not subscribed to openssh-unix-dev, so CCs of replies would be
welcome.


-- 
  finger for GPG public key.
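
The workaround described in the message above (a second xauth entry with "/unix" inserted just before the ':' of the display name), written out as an added example; it is not the poster's patch and not code from OpenSSH's sshd.c. The function names, buffer sizes and the sample host and cookie values are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Insert "/unix" just before the ':' of host:display[.screen], e.g.
 * "myhost:10.0" -> "myhost/unix:10.0". Returns 0 on success, -1 if the input
 * lacks a host or display, has more than one ':', is already a unix-domain
 * name, or the result does not fit in out. */
int unix_display_name(const char *display, char *out, size_t outlen)
{
    const char *colon = strchr(display, ':');
    size_t hostlen;
    int n;

    if (colon == NULL || colon == display || colon[1] == '\0')
        return -1;
    if (strchr(colon + 1, ':') != NULL)     /* ambiguous: reject */
        return -1;
    hostlen = (size_t)(colon - display);
    if (hostlen >= 5 && strncmp(colon - 5, "/unix", 5) == 0)
        return -1;
    n = snprintf(out, outlen, "%.*s/unix%s", (int)hostlen, display, colon);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Format both entries in xauth "add displayname protocolname hexkey" syntax:
 * the internet-domain name first, then the unix-domain name, same cookie. */
int xauth_add_lines(const char *display, const char *proto,
                    const char *hexkey, char *out, size_t outlen)
{
    char udisp[256];
    int n;

    if (unix_display_name(display, udisp, sizeof(udisp)) != 0)
        return -1;
    n = snprintf(out, outlen, "add %s %s %s\nadd %s %s %s\n",
                 display, proto, hexkey, udisp, proto, hexkey);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[512];

    /* Constructed sample values, not taken from the post. */
    if (xauth_add_lines("myhost:10.0", "MIT-MAGIC-COOKIE-1",
                        "00112233445566778899aabbccddeeff", buf, sizeof(buf)) == 0)
        fputs(buf, stdout);
    return 0;
}
```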