search for: xauth

On 13/10/2017 15:29, Michael Felt wrote: > This verifies it is xauth related: > > debug3: sending debug message: No xauth program; cannot forward with > spoofing. > > so, added an extra debug - and this is what I see: > > debug1: session_input_channel_req: session 0 req x11-req > debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth &...

Alan Coopersmith (2): include POSIX-standard limits.h for PATH_MAX instead of sys/syslimits.h autogen.sh: Honor NOCONFIGURE=1 Dr. Tilmann Bubeck (2): Clarified RELEASING in README Fix for xauth failing on ENOSPC (= disk full) Emil Velikov (1): autogen.sh: use quoted string variables Jeremy Huddleston Sequoia (1): Update DISPLAY parsing to work with new launchd paths in Yosemite Jon TURNEY (1): Fix !HAVE_STRLCPY case Matt Turner (2): Build xauth before running t...

This release fixes a race condition where an existing authority file would be unlinked (possibly causing other clients to fail to connect), and fixes sorting and merging of authority file entries. Adam Jackson (2): process: Close a window where no authority file would exist xauth 1.1 Alan Coopersmith (3): Change fall through comment in process.c to match gcc's requirements Update README for gitlab migration Update configure.ac bug URL for gitlab migration Michal Srb (2): Merge only entries with equal dpy and protoname. Sort entries from m...

Hello, I have a strange (for me) problem with these two machines : - Client, a CentOS-5.7 workstation ; - Server, a CentOS-6.2 headless, up-to-date server. From Client, I want to use xauth on Server with the help of rsh (yes, I know, ssh and all this sort of things... another time.) When SELinux is in permissive mode on Server, all these commands perform as expected : rsh Server /usr/bin/xauth info rsh Server /usr/bin/xauth list xauth nextract - Client:0.0 | rsh Server /usr/bin/xau...

...of one of likely ones it is > from session.c:session_setup_x11fwd() > >> packet_send_debug("X11 forwarding disabled in user configuration file."); >> packet_send_debug("X11 forwarding disabled in server configuration file."); >> packet_send_debug("No xauth program; cannot forward with spoofing."); >> packet_send_debug("Can't get IP address for X11 DISPLAY."); My 'quess' is that it somehow related to 'auth' - as there was a security-fix for auth that was introduced in version 7.2 (as I mentioned before: http...

The current configuration only works if xauth can be found at /usr/X11R6/bin/xauth, which creates some problems when running sshd on an openwin system. Contained below are patches to find the path of xauth in configure, and set the path in config.h. (also contained is a patch for configure for those without autoconf) Also-- added #include &...

...d at: http://www.openssh.com/txt/x11fwd.adv 1. Affected configurations All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled. 2. Vulnerability Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1). Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege, Other xauth commands allow limited information leakage, file overwrite, port probing and generally expose xauth(1), which was not written with a hostile user in mind, as an...

Adam Jackson (1): xauth 1.0.3 Daniel Drake (1): Bug #10971: xauth COPYING file Jeremy Huddleston (2): Added support for launchd socket get_address_info: don't allow duplicate entries to be returned in the list git tag: xauth-1.0.3 http://xorg.freedesktop.org/archive/individual/app/xauth-1.0.3.tar...

...cket, wait for reply debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: ssh_session2_setup: id 0 debug2: channel 0: request pty-req debug2: x11_get_proto: /usr/bin/X11/xauth list :0.0 . 2>/dev/null debug1: Requesting X11 forwarding with authentication spoofing. debug2: channel 0: request x11-req debug2: channel 0: request shell debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust...

...d at: http://www.openssh.com/txt/x11fwd.adv 1. Affected configurations All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled. 2. Vulnerability Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1). Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege, Other xauth commands allow limited information leakage, file overwrite, port probing and generally expose xauth(1), which was not written with a hostile user in mind, as an...

Manpage typo fix & minor cleanups, autoconf/make updates. This release is targeted for 7.2. http://xorg.freedesktop.org/releases/individual/app/xauth-1.0.2.tar.bz2 http://xorg.freedesktop.org/releases/individual/app/xauth-1.0.2.tar.gz git tag: xauth-1.0.2 md5 (xauth-1.0.2.tar.bz2) = 31b956edaeb453ddaa640420e97b25b2 md5 (xauth-1.0.2.tar.gz) = 5165d33891addd8e511e35876953b261 sha1 (xauth-1.0.2.tar.bz2) = 64bf289e3b3776de7f6b5984eb6ed238cfe9e2aa...

...rk-s01.candlepin.dev.devlab.phx1.redhat.com This is the message I get: X11 forwarding request failed on channel 0 A viewer window pops up for a fraction of a second and then goes away. Using -vvvv on the local ssh command gives a few possibly related messages: debug2: x11_get_proto: /usr/bin/xauth list :0.0 2>/dev/null debug1: Requesting X11 forwarding with authentication spoofing. debug2: channel 0: request x11-req confirm 1 debug1: Requesting authentication agent forwarding. debug2: channel 0: request auth-agent-req at openssh.com confirm 0 : debug1: Remote: No xauth program; cannot f...

Dear All, I'm using Centos5 to run a firewall, and as part of the intrusion detection apparatus, I use tripwire (tripwire-2.4.1.1-1.fc6.x86_64.rpm - as made for fedora core 6, and then tweaked with my own twpol.txt). My problem, is that when I su to root, a .xauth file is created with a random tail name - i.e. /root/.xauthyN4aHS or /root/.xauth1sGdFh and this causes tripwire to trigger. I can stop sshd from X forwarding to prevent .xauth files, but that's a really bad solution. And I can't see any mention of being able to use wildcards in the t...

No "ssh -X hostname" doesn't work. But when you "export DISPLAY=..." it works!? I set the the Display Hack so that I can see my IP with "env" or "echo SSH_CLIENT" when I'm connect via VPN-Tunnel and I don't know my IP in the Net I'm connected through. Andreas Kerl ----------------------------------------- DTS Medien GmbH Heidestrasse 38

http://bugzilla.mindrot.org/show_bug.cgi?id=338 ------- Additional Comments From stevesk at pobox.com 2002-07-07 04:00 ------- will look into this ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now seeing in /var/log/audit/audit.log : type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tco...

...can't see any difference to a working server: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: x11_get_proto: /usr/bin/xauth list unix:10.0 2>/dev/null debug1: Requesting X11 forwarding with authentication spoofing. debug2: channel 0: request x11-req confirm 0 debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 0 and netstat does not show the open ports in the 60xx range: # netstat -antp|...

...sh_host_ed25519_key|/usr/local/etc/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/moduli|g' -e 's|/etc/ssh/moduli|/usr/local/etc/moduli|g' -e 's|/etc/ssh/sshrc|/usr/local/etc/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/usr/openwin/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ./${conffile} > sshd_config.out conffile=`echo ssh_config.out | sed 's/.out$//'`; \ /opt/csw/gnu/sed -e 's|/etc/ssh/ssh_con...

...Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: holger at van-lengerich.de Hi, I just played a little bit with xauth and I thought I should drop a note in here: Brief SSH X11 forwarding history: 1995 Tatu Yl?nen releases ssh v1.0.0 including the X11 Forwarding feature 1996 Security extensions were defined for X11 http://www.xfree86.org/~herrb/security.pdf 1997 Ulrich Flegel determines that X11 forwarding...

I still don't understand the point of authenticating myself to my own local X server when using X11 forwarding, I tried: ssh -R /tmp/.X11-unix/X0:/tmp/.X11-unix/X0 user at server # and then DISPLAY=:0 xterm and everything is working fine without the mess with xauth, so why it is required to use use xauth when doing X11 forwarding with ssh?