Re: Xorg and X11 forwarding via ssh

[Michael van Elst <mlelstv%serpens.de@localhost>]

On Wed, Jun 18, 2008 at 11:32:36PM -0600, cngo%nmsu.edu@localhost wrote:
> I did try to add
> 
> > XAuthLocation /usr/pkg/bin/xauth
> > in /etc/ssh/sshd_config and /etc/ssh/ssh_config.
> 
> but it doesn't help.

Let me guess.

You start the X Server manually and don't log in through xdm or similar?

In that case you do not have a X11 cookie. Please verify this with:

xauth list $DISPLAY

if you use xdm it should return a MIT-MAGIC-COOKIE or XDM-AUTHORIZATION key.

When there is no such key then X11 forwarding shows a warning with e.g.:

Warning: No xauth data; using fake authentication data for X11 forwarding.

and when starting an X program such as xlock you get:

Xlib: connection to "localhost:10.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
Error: Can't open display: localhost:10.0


That's because the server, by default, requires the correct key.

You can disable that requirement with 'xhost +localhost' or 'xhost +'
but then you allow anyone on the client or even the whole network
to control your X server.

For some environments this might be ok, but in general, you need to
use xdm or create a cookie manually with xauth.


Greetings,
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."