Re: ssh -Y and xauth
- Subject: Re: ssh -Y and xauth
- From: Alley Stoughton <email@hidden>
- Date: Sun, 12 Feb 2006 15:12:22 -0600
Hi Rich,
> > I'm running Tiger. When I use ssh -Y, and then run X clients
> > remotely,
> > things work fine, but I get a warning:
> >
> > Warning: No xauth data; using fake authentication data for X11
> > forwarding.
> >
> > I can see why ssh would issue it: indeed, there is no .Xauthority file
> > on my Mac. X11 on Tiger doesn't seem to use X authorization data
> > for local
> > connections.
> >
> > Does everyone get this warning message, or do I have ssh configured
> > incorrectly?
>
> I quickly found this on google. Thanks for asking the question,
> btw, it's been bothering me.
>
> <http://mactip.blogspot.com/>
>
> Bottom line:
>
> xauth generate :0 .
>
> fixes the problem. Maybe put it in your .xinitrc? I'm not sure
> where this should go. For now, I'm putting it in my .xinitrc.
Yes, I'd seen this, but I'd previously had trouble with it. However
I've now tried

  xauth generate :0 . trusted

(the default being untrusted), and this seems to work fine for me.
> > Another question is just what is "trusted X11 forwarding". The
> > ssh manual page doesn't say.
>
> Due to security concerns (highlighted by a vulnerability in using SSH
> with Trusted X11 Forwarding), OpenSSH (as of version 3.8) now
> supports both untrusted (-X) and trusted (-Y) X11 Forwarding. The
> difference is what level of permissions the client application has on
> the X-server running on the client machine. Untrusted (-X) X11
> Forwarding is more secure, but unfortunately most applications do not
> support running with fewer privileges as of yet. So when attempting
> to remotely access applications, using Trusted (-Y) X11 Forwarding
> will have fewer application problems for the near future.
Yes, but can anyone point me to more information about what "privileges"
X clients are given under the two regimes?
The trusted argument to xauth (see above) makes the xauth entry allow
trusted access to the X server. So it makes sense that when using
ssh -Y one should use xauth with this option.
Out of curiosity, does anyone know why X11 on Mac OS X doesn't
automatically create the .Xauthority file?
Thanks for your help, Rich!
Alley
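
An added example (not part of the original message): a shell helper that could be called from .xinitrc, creating the xauth entry only when the display has none and using the trust level that matches the ssh flag discussed above. The function names and the XAUTH override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. XAUTH may be overridden for testing
# (an assumption of this example); it defaults to the real xauth binary.
XAUTH=${XAUTH:-xauth}

# Succeeds if `xauth list` output on stdin has an entry for display $1.
# Entries look like "host/unix:0  MIT-MAGIC-COOKIE-1  <hex>"; match on the
# display number after the last colon, ignoring any ".screen" suffix.
has_xauth_entry() {
    num=${1##*:}
    num=${num%%.*}
    awk -v n="$num" '{ d = $1; sub(/.*:/, "", d); if (d == n) found = 1 }
                     END { exit !found }'
}

# ensure_xauth_cookie DISPLAY MODE
# MODE is "trusted" (pairs with ssh -Y) or "untrusted" (pairs with ssh -X).
# Generates a cookie only when the display has no entry yet, so it can be
# called on every X11 start. Prints the matching ssh flag on success.
# Note: `xauth list` does not show the trust level of an existing entry.
ensure_xauth_cookie() {
    disp=$1
    mode=$2
    case $mode in
        trusted)   flag=-Y ;;
        untrusted) flag=-X ;;
        *) echo "mode must be trusted or untrusted" >&2; return 2 ;;
    esac
    if ! $XAUTH list 2>/dev/null | has_xauth_entry "$disp"; then
        # "." is xauth shorthand for MIT-MAGIC-COOKIE-1.
        $XAUTH generate "$disp" . "$mode" || return 1
    fi
    echo "$flag"
}
```

For example, `ensure_xauth_cookie :0 trusted` in .xinitrc prepares the entry for later `ssh -Y` sessions.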