ssh -X remote does not work due to problem with xauth

Matthias Apitz guru at unixarea.de
Thu May 10 15:02:09 UTC 2018 

El día jueves, mayo 10, 2018 a las 09:38:16a. m. -0500, Valeri Galtsev escribió:

> 
> 
> On 05/10/18 09:00, Matthias Apitz wrote:
> > On Thursday, 10 May 2018 14:34:27 CEST, James B. Byrne 
> > <byrnejb at harte-lyne.ca> wrote:
> >>
> >> On Wed, May 9, 2018 14:09, Matthias Apitz wrote:
> >>
> >> What is the ownership of and permissions on .Xauthority on the remote
> >> host?
> >>
> > 
> > It's owned by me, created as new if not there, but with size=0.
> 
> Did you check that you are not up against hard quota, and the filesystem 
> is not full? I already suggested that, but my message seems to miss your 
> attention. One thing you can try on remote host is:

The remote host is one of our central development hosts, has not quota,
no file sys full and plenty much GB of disk space:

$ scp  /boot/kernel/kernel apitzm at s70devl:.
$ ssh apitzm at s70devl ls -lh kernel
-r-xr-xr-x 1 apitzm apitzm 26M 10. Mai 16:49 kernel
$ ssh apitzm at s70devl LANG=C df -kh .
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/vg_root-lv_root  337G   68G  268G  21% /

> Another possibility on multi-user system when this works for others but 
> not for you is if you as UNIX user is prohibited [X]-forwarding by 
> sysadmin (-"fascist"). I as sysadmin only twice during last decade had 
> to restrict one single user from doing something, but it still is the 
> possibility.

I don't think, that our IT department does such things against the Tech Head
I am :-)

I do thank for all replies, but have to say, that all ignored the provided 
truss output (at least in all replies). Here it is again and shows that
there is a LOCAL problem; the LOCAL /usr/local/bin/xauth tries to
create the LOCAL file /tmp/ssh-adSkh4btDHWr/xauthfile (perhaps to move it over
the SSH channel to the remote end) and it fails doing this:

$ grep xauth ssh.tr
 2505: stat("/usr/local/bin/xauth",{ mode=-rwxr-xr-x ,inode=15268663,size=41056,blksize=32768 }) = 0 (0x0)
 2505: write(2,"debug2: client_x11_get_proto: /usr/local/bin/xauth -f /tmp/ssh-adSkh4btDHWr/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted timeout 1260 2>/dev/null\r\n",153) = 153 (0x99)
 2506: execve("/usr/local/bin/xauth",0x80145a260,0x80145a408) = 0 (0x0)
 2506: stat("/tmp/ssh-adSkh4btDHWr/xauthfile-c",0x7fffffffdb80) ERR#2 'No such file or directory'
 2506: openat(AT_FDCWD,"/tmp/ssh-adSkh4btDHWr/xauthfile-c",O_WRONLY|O_CREAT|O_EXCL,0600) = 3 (0x3)
 2506: pathconf("/tmp/ssh-adSkh4btDHWr/xauthfile-c",_PC_LINK_MAX) = 32767 (0x7fff)
 2506: link("/tmp/ssh-adSkh4btDHWr/xauthfile-c","/tmp/ssh-adSkh4btDHWr/xauthfile-l") = 0 (0x0)
 2506: access("/tmp/ssh-adSkh4btDHWr/xauthfile",F_OK) ERR#2 'No such file or directory'
 2506: open("/tmp/ssh-adSkh4btDHWr/xauthfile",O_RDONLY,0666) ERR#2 'No such file or directory'
 2506: access("/tmp/ssh-adSkh4btDHWr/xauthfile",F_OK) ERR#2 'No such file or directory'
 2506: write(2,"/usr/local/bin/xauth:  file /tmp/ssh-adSkh4btDHWr/xauthfile does not exist\n",75) = 75 (0x4b)
 2506: access("/tmp/kde-guru/xauth-1001-_0",R_OK) = 0 (0x0)
 2506: open("/tmp/kde-guru/xauth-1001-_0",O_RDONLY,0666) = 4 (0x4)
 2506: write(2,"/usr/local/bin/xauth: (argv):1:  ",33) = 33 (0x21)
 2506: lstat("/tmp/ssh-adSkh4btDHWr/xauthfile-c",{ mode=-rw------- ,inode=24961,size=0,blksize=32768 }) = 0 (0x0)
 2506: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile-c") = 0 (0x0)
 2506: lstat("/tmp/ssh-adSkh4btDHWr/xauthfile-l",{ mode=-rw------- ,inode=24961,size=0,blksize=32768 }) = 0 (0x0)
 2506: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile-l") = 0 (0x0)
 2505: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile") ERR#2 'No such file or directory'
 2505: write(2,"Warning: untrusted X11 forwarding setup failed: xauth key data not generated\r\n",78) = 78 (0x4e)

$ grep Sec ssh.tr
 2505: read(3,"\0\0\^A\^D\v\^_\0\0\0h\0\0\0\^Secdsa-sha2-nistp256\0\0\0\bnistp256\0\0\0A\^D\^Qa<x\^U\M-jW\M-Hy/\M-:\M-b\^Qc\M-\^\^SG\M^ZT|\M-ck7\M-H\M-s\M-gKNi\n\M^Ex\M-;D.\M-w\M-'\^O\^T\^Uls\M^Y\M-D\M-5{\M-6\M-3d\M-U\M-P\M-Ck\M-*7\a\^U\^W\M-^\M^Il\M-n\M-,\0\0\0 M\M-G"...,8192) = 364 (0x16c)
 2506: write(2,"couldn't query Security extension on display ":0"\n",50) = 50 (0x32)

One can simulate the xauth call locally and without redirecting STDERR and
will see the same error:

$ /usr/local/bin/xauth -f /tmp/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted timeout 1260
/usr/local/bin/xauth:  file /tmp/xauthfile does not exist
/usr/local/bin/xauth: (argv):1:  couldn't query Security extension on display ":0"

This, and the fact that my colleagues do not face the problem, let me
strongly think in a LOCAL problem, maybe of the Xorg server which is xorg-7.7_2
from the ports.

Thanks again for reading my post.

	matthias
-- 
Matthias Apitz, ✉ guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: Спаси́бо освободители! Thank you very much, Russian liberators!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20180510/a048e9d3/attachment.sig>

More information about the freebsd-questions mailing list