X11forwarding yes: how to debug/setup after xauth fix
Michael Felt
michael at felt.demon.nl
Wed Oct 4 20:07:25 AEDT 2017
I do not often use X11 - but when I do I prefer to enable X11forwarding,
and when finished - turn it off. This is preferable, imho, to having
"clear" X11 processing when local - and otherwise impossible when
working remote.
Working with openssh-7.5p2 I cannot figure out what (extra) I need to do
with sshd_config to get it working.
I know that there is a security-fix starting with openssh-7.2
(https://www.openssh.com/security.html, March 9, 2016) - and when I load
any version of openssh prior to Openssh-7.2 I get the expected X11
behavior over an ssh(d) X11forwarding tunnel.
So, what should I be looking at on my server or client-side. Is there a
different setting I should be using? I am still using the "putty"
setting of: MIT-Magic-Cookie-1. (I'll test, in a moment using
XDM-Authorization-1). However, the hint I am hoping for is the flag to
set for sshd (e.g., -ddddd) and what debug string - to see if
X11forwarding is attempted, and if so, why it is rejected by the sshd.
Again - no changes to client-side - openssh-7.1 and earlier work,
openssh-7.2 and later do not.
Thanks for you time!
Michael
More information about the openssh-unix-dev
mailing list