Re: ssh -Y from macOS (11.16.2 Bigsur) to FreeBSD box (12.3)

To add: xauth is installed on the FreeBSD side.

Another data point:

starting X11 explicitly
then starting an xterm on the mac side and issuing xhost +
logging into the FreeBSD box using 

ssh -Y pc235

doing an xclock there

->  works!

I recall that this worked more elegantly by just typing ssh -Y host in the macOS terminal window.


> Am 10.02.2022 um 10:25 schrieb Christoph Kukulies <kuku@kukulies.org>:
> 
> Hi,
> 
> Thanks. I wrote the OS-version in the subject.  macOS 11.6.2 BigSur
> 
> I have 
> 
> X11Forwarding yes
> X11DisplayOffset 10
> X11UseLocalhost yes
> 
> in /etc/ssh/sshd_config in me FreeBSD box.
> 
> I’m not sure whether I installed XQuartz from Apple or XQuartz.org <http://xquartz.org/>. It used to work. The only change were OS upgrades Catalina-Mojave-Bigsur.
> Looks like it’s Apple:
> 
> <PastedGraphic-3.png>
> 
> I’m doing it from a Mac terminal not a xterm.
> 
> I did not start X11 explicitly. I believe to recall that the macOS window manager accepts X-connections or laumches X11 automatically - Not sure though.
> 
> —
> Christoph 
> 
>> Am 10.02.2022 um 09:55 schrieb Patrick Mahan <plmahan@gmail.com <mailto:plmahan@gmail.com>>:
>> 
>> On Thu, Feb 10, 2022 at 12:00 AM Christoph Kukulies <kuku@kukulies.org <mailto:kuku@kukulies.org>> wrote:
>> I recall it had workd in the past but something must have changed. 
>> I’m trying to do the following
>> 
>> 
>> 
>>  ssh -Y -v pc235
>> OpenSSH_8.1p1, LibreSSL 2.7.3
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: /etc/ssh/ssh_config line 47: Applying options for *
>> debug1: Connecting to pc235 port 22.
>> debug1: Connection established.
>> debug1: identity file /Users/kuku/.ssh/id_rsa type 0
>> debug1: identity file /Users/kuku/.ssh/id_rsa-cert type -1
>> debug1: identity file /Users/kuku/.ssh/id_dsa type -1
>> debug1: identity file /Users/kuku/.ssh/id_dsa-cert type -1
>> debug1: identity file /Users/kuku/.ssh/id_ecdsa type -1
>> debug1: identity file /Users/kuku/.ssh/id_ecdsa-cert type -1
>> debug1: identity file /Users/kuku/.ssh/id_ed25519 type 3
>> debug1: identity file /Users/kuku/.ssh/id_ed25519-cert type -1
>> debug1: identity file /Users/kuku/.ssh/id_xmss type -1
>> debug1: identity file /Users/kuku/.ssh/id_xmss-cert type -1
>> debug1: Local version string SSH-2.0-OpenSSH_8.1
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9 FreeBSD-20200214
>> debug1: match: OpenSSH_7.9 FreeBSD-20200214 pat OpenSSH* compat 0x04000000
>> debug1: Authenticating to pc235:22 as 'kuku'
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug1: kex: algorithm: curve25519-sha256
>> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
>> debug1: kex: server->client cipher: chacha20-poly1305@openssh.com <mailto:chacha20-poly1305@openssh.com> MAC: <implicit> compression: none
>> debug1: kex: client->server cipher: chacha20-poly1305@openssh.com <mailto:chacha20-poly1305@openssh.com> MAC: <implicit> compression: none
>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xxxxxxxxxx
>> debug1: Host 'pc235' is known and matches the ECDSA host key.
>> debug1: Found key in /Users/kuku/.ssh/known_hosts:7
>> debug1: rekey out after 134217728 blocks
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: rekey in after 134217728 blocks
>> debug1: Will attempt key: /Users/kuku/.ssh/id_rsa RSA SHA256:xxxxxxxxx
>> debug1: Will attempt key: /Users/kuku/.ssh/id_dsa 
>> debug1: Will attempt key: /Users/kuku/.ssh/id_ecdsa 
>> debug1: Will attempt key: /Users/kuku/.ssh/id_ed25519 ED25519 SHA256:xxxxxxx
>> debug1: Will attempt key: /Users/kuku/.ssh/id_xmss 
>> debug1: SSH2_MSG_EXT_INFO received
>> debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey,keyboard-interactive
>> debug1: Next authentication method: publickey
>> debug1: Offering public key: /Users/kuku/.ssh/id_rsa RSA SHA256:xxxxxx
>> debug1: Server accepts key: /Users/kuku/.ssh/id_rsa RSA SHA256:xxxxxx
>> debug1: Authentication succeeded (publickey).
>> Authenticated to pc235 ([192.168.178.34]:22).
>> debug1: channel 0: new [client-session]
>> debug1: Requesting no-more-sessions@openssh.com <mailto:no-more-sessions@openssh.com>
>> debug1: Entering interactive session.
>> debug1: pledge: exec
>> debug1: client_input_global_request: rtype hostkeys-00@openssh.com <mailto:hostkeys-00@openssh.com> want_reply 0
>> debug1: Remote: /home/kuku/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
>> debug1: Remote: /home/kuku/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
>> debug1: No xauth program.
>> Warning: No xauth data; using fake authentication data for X11 forwarding.
>> debug1: Requesting X11 forwarding with authentication spoofing.
>> debug1: Sending environment.
>> debug1: Sending env LANG = de_DE.UTF-8
>> Last login: Thu Feb 10 08:44:31 2022 from christophs-macbook-pro.fritz.box
>> FreeBSD 12.3-RELEASE-p1 GENERIC 
>> 
>> Welcome to FreeBSD!
>> 
>> 
>> $ echo $DISPLAY
>> localhost:10.0
>> $ xclock
>> connect /tmp/.X11-unix/X0: No such file or directory
>> Error: Can't open display: localhost:10.0
>> 
>> Any clues?
>> 
>> 
>> First the obvious questions:
>> 
>> 1. What version of Mac OS X are you running?
>> 2. Where did you install XQuartz from?  Apple or XQuartz.org <http://xquartz.org/>?
>> 3. Are trying this from the supplied xterm with XQuartz or terminal.app?
>> 
>> You might want to install xauth from packages (or ports source).  You might need to enable X11 forwarding in the sshd config on FreeBSD.
>>  
>> HTH,
>> 
>> Patrick
>