[OpenSSH_5.1] Untrusted X11 forwarding (ssh -X) no longer works?

Artis extrospective at gmail.com
Sun Feb 8 13:38:32 EST 2009


$ ssh -v
OpenSSH_5.1, OpenSSL 0.9.8j 07 Jan 2009
$ ssh -vvv -X example.com
[ Relevant debug info: ]
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
[OpenSSH_5.1, OpenSSL 0.9.7j 04 May 2006]
debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
/tmp/ssh-TLLOFKxvay/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1
untrusted timeout 1200 2>/dev/null
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
$ xeyes
$ xeyes
debug1: client_input_channel_open: ctype x11 rchan 2 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 39892
debug2: fd 10 setting O_NONBLOCK
debug3: fd 10 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: channel 1: read<=0 rfd 10 len 0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: rcvd eof
debug2: channel 1: output open -> drain
debug2: channel 1: obuf empty
debug2: channel 1: close_write
debug2: channel 1: output drain -> closed
debug2: channel 1: rcvd close
debug3: channel 1: will not send data after close
debug2: channel 1: send close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
  #0 client-session (t4 r0 i0/0 o0/139 fd 6/7 cfd -1)
  #1 x11 (t4 r2 i3/0 o3/0 fd 10/10 cfd -1)

debug3: channel 1: close_fds r 10 w 10 e -1 c -1
Xlib: connection to "localhost:10.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
Error: Can't open display: localhost:10.0

[Both ends are OpenBSDs. Client side is 4.4-RELEASE. X server is CURRENT]

The above xauth command that ssh client tries, fails if executed manually:
$ /usr/X11R6/bin/xauth -f /tmp/ssh-TLLOFKxvay/xauthfile generate :0.0
MIT-MAGIC-COOKIE-1 untrusted timeout 1200
/usr/X11R6/bin/xauth:  error in locking authority file
/tmp/ssh-TLLOFKxvay/xauthfile

I have to manually exec xauth +localhost to fix forwarding. Trusted
forwarding (-Y) works.

Is this somehow related to http://bugs.gentoo.org/237778 and
https://bugzilla.redhat.com/show_bug.cgi?id=436230

Artis

P.S. I'm not subscribed to the list.


More information about the openssh-unix-dev mailing list