X11forwarding yes: how to debug/setup after xauth fix
Michael Felt
michael at felt.demon.nl
Wed Oct 4 22:41:50 AEDT 2017
On 04/10/2017 11:59, Michael Felt wrote:
> On 04/10/2017 11:28, Michael Felt wrote:
>>
>> Looking further: How can I see what is failing? Can I add a character
>> to the whitelist (once I know what is rejected)?
>>
>> imho: the cure may be worse than the illness if this means my X11
>> sessions are either "clear" or impossible - as they are not in the
>> SSH (encrypted) tunnel.
>
> My apologies - it seems I may have been 'days' too late, and the
> discussions about this are not (yet) spotted by the search engines -
> as, I see yesterday there was a new release - and the change notes may
> already provide some "debug" info...
>
> From: https://www.openssh.com/releasenotes.html, Changes since
> OpenSSH-7.5 ...
>
> * sshd(8): add ExposeAuthInfo option that enables writing details of
> the authentication methods used (including public keys where
> applicable) to a file that is exposed via a $SSH_USER_AUTH
> environment variable in the subsequent session.
>
> Still have to think a bit about how this is to be setup...
>
OK - packaged and testing started. No info re: xauth, only the public key.
SSH_USER_AUTH=/tmp/sshauth.VsjLknn9UBh6NyY
# cat /tmp/sshauth.VsjLknn9UBh6NyY
publickey ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHpKOP2...
# wc /tmp/sshauth.VsjLknn9UBh6NyY
1 3 391 /tmp/sshauth.VsjLknn9UBh6NyY
Wrong tree (as in barking up the wrong ...)?
> Many thanks for your patience.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list