X11forwarding yes: how to debug/setup after xauth fix

Michael Felt michael at felt.demon.nl
Wed Oct 4 22:41:50 AEDT 2017


On 04/10/2017 11:59, Michael Felt wrote:
> On 04/10/2017 11:28, Michael Felt wrote:
>>
>> Looking further: How can I see what is failing? Can I add a character 
>> to the whitelist (once I know what is rejected)?
>>
>> imho: the cure may be worse than the illness if this means my X11 
>> sessions are either "clear" or impossible - as they are not in the 
>> SSH (encrypted) tunnel.
>
> My apologies - it seems I may have been 'days' too late, and the 
> discussions about this are not (yet) spotted by the search engines - 
> as, I see yesterday there was a new release - and the change notes may 
> already provide some "debug" info...
>
> From: https://www.openssh.com/releasenotes.html, Changes since 
> OpenSSH-7.5 ...
>
>  * sshd(8): add ExposeAuthInfo option that enables writing details of
>    the authentication methods used (including public keys where
>    applicable) to a file that is exposed via a $SSH_USER_AUTH
>    environment variable in the subsequent session.
>
> Still have to think a bit about how this is to be setup...
>
OK - packaged and testing started. No info re: xauth, only the public key.

SSH_USER_AUTH=/tmp/sshauth.VsjLknn9UBh6NyY

# cat /tmp/sshauth.VsjLknn9UBh6NyY
publickey ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHpKOP2...

# wc /tmp/sshauth.VsjLknn9UBh6NyY
        1       3     391 /tmp/sshauth.VsjLknn9UBh6NyY

Wrong tree (as in barking up the wrong ...)?

> Many thanks for your patience.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>



More information about the openssh-unix-dev mailing list