search for: xauthority

Hello all, $XAUTHORITY location has moved from under /tmp to ~/.Xauthority in 2.9p2. The commit message was: --- remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since we do already trust $HOME/.ssh you can use .ssh/sshrc and .ssh/environment if you want to customize the location of the xauth cookies --- T...

...nnection to b202.ryd.student.liu.se:11.0 broken (explicit kill or > server shutdown). [pucko at b202 pucko]$ > > The strange thing is that it works if I do the same thing as root. > > What can be wrong? > > /M I believe the source of the problem is the automatic setup of the XAUTHORITY environment variable in different distributions (Mandrake, RedHat, others...) during login. openssh seems to create its own Xauthority cookie file in /tmp rather than create an entry in the user's $HOME/.Xauthority (why?). After successful ssh login, XAUTHORITY points to /tmp/ssh-randomstring/c...

Hi. I see this XAUTHORITY=/tmp/ssh-*/cookies issue has been discussed repeatedly, but I haven't seen a solution to the following problem. Remote user logs into firewall. On firewall, DISPLAY var set to secure channel, XAUTHORITY set to /tmp/ssh-*/cookies. X11 forwarding from firewall works fine. User logs into machin...

Hi, if I do the following: ssh -X localhost su - another_user xterm I get: X connection to ming:10.0 broken (explicit kill or server shutdown). Where what is really wanted was something like: Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server xterm Xt error: Can't open display: :0.0 'tis easy to reproduce the bug, but the debug

http://bugzilla.mindrot.org/show_bug.cgi?id=771 Summary: Add option to override XAUTHORITY env variable Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: SunOS Status: NEW Severity: enhancement Priority: P5 Component: sshd AssignedTo: openssh-bugs at mindrot.org Repo...

...researched the problem some more, so I can give a much more concise description of what's happening. I'm mounting the home directories of the users upon login (using pam_mount) from the Windows server. However, none of the users can run X Windows. It says there's a problem with the .Xauthority file. I read that the .Xauthority and the .ICEauthority files can't exist on and SMB share, so I used environment variables and pointed them to /tmp. Now, when the users try to start X (either through the GUI login, or from "startx"), it says the connection is refused by the server. D...

This issue has been discussed here and elsewhere a fair bit in the past year or so, but to re-address the issue... As of OpenSSH 2.9.something the ability to have an Xauthority located in /tmp was removed, with the following description in the ChangeLog : - markus at cvs.openbsd.org 2001/06/12 21:21:29 [session.c] remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since we do already trust $HOME/.ssh you can use .ssh/sshrc and .ssh/envir...

...API console ''other_config'' keys. XENAPI_CONSOLE_OTHER_CFG = [''vncunused'', ''vncdisplay'', ''vnclisten'', ''vncpasswd'', ''type'', ''display'', ''xauthority'', - ''keymap''] + ''keymap'', ''opengl''] # List of XendConfig configuration keys that have no direct equivalent # in the old world. --- a/tools/python/xen/xend/image.py Tue Mar 18 14:...

...39;m reluctantly using GDM ( not my favorite but it will do ) Last, I'm using KDE, but GNOME works too. First, I followed suggestions from previous posts, and did a little tweaking on my own, which include the following: a) I've added the following to the user's .bash_profile: export XAUTHORITY=/tmp/.Xauthority export ICEAUTHORITY=/tmp/.ICEauthority b) NOTE: gnome doesn't require this step. I did some editing of my /usr/bin/startkde script to move all .kde and .kderc etc... files OUT of the home directory. From what I can tell, limits in the SMBFS are not allowing kde to start suc...

...is set, sshd could treat the stdout of sshrc as additional assignment lines of the form name=value. This would permit sshrc to propagate propagate changes to the environment to the user's shell or command. The specific problem I am trying to solve here is to use a temporary, securely-created Xauthority file. If sshd were to read the output of sshrc, then I could do it. E.g.: if read proto cookie && [ -n "$DISPLAY" ]; then if xauth=`mktemp -t xauth-XXXXXXXXXX" 1>/dev/null`; then XAUTHORITY=${xauth}; export "${XAUTHORITY}" echo "XAUTHORITY=${XAU...

...''1''], [''vcpus'', ''1''], [''boot'', ''c''], [''serial'', ''pty''], [''vnc'', ''1''], [''vncunused'', ''1''], [''xauthority'', ''/root/.Xauthority''], [''acpi'', ''1''], [''apic'', ''1''], [''vncpasswd'', ''None'']]], [''device'', [''vif'', [''backend'',...

http://bugzilla.mindrot.org/show_bug.cgi?id=733 Summary: ssh doing xauth stuff even when it can't access local .Xauthority file Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: ste...

https://bugzilla.mindrot.org/show_bug.cgi?id=1401 Summary: ssh does not remove staled credentials from .Xauthority Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org Re...

Hello, I have been having issues with x11 forwarding using my linux-mandrake based servers. I checked my XAUTHORITY variable and it was set to ~/.Xauthority ... After reading the mail archives, I found the /tmp/ssh* directory created during my ssh session, and did this: export XAUTHORITY="/tmp/ssh-hzuA1805/cookies" xeyes ...and the X11 forwarding worked! I'm using the openssh-2.2.0p1-2 openssh-a...

On some of my machines, when I run "su -" in a terminal to get a root shell, an XAUTHORITY file is automatically generated to give display access to GUI programs spawned by that shell, i.e., # set | grep XAUTH XAUTHORITY=/root/.xauthayZmdH That file contains a copy of the MIT-MAGIC-COOKIE from my original X session. On other machines with the same installed OS (CentOS 6....

...Kernel reports drm seems to be there: drm0: <ATI Radeon QY RV100 VE> port 0x9000-0x90ff mem 0xed000000-0xed00ffff,0xe$ info: [drm] Initialized radeon 1.8.0 20020828 on minor 0 Now, when I try to start XFree86 everything looks fine at first: root@noname:~# startx Using authority file /root/.Xauthority Writing authority file /root/.Xauthority Using authority file /root/.Xauthority Writing authority file /root/.Xauthority XFree86 Version 4.3.0 Release Date: 27 February 2003 X Protocol Version 11, Revision 0, Release 6.6 Build Operating System: FreeBSD 4.8 i386 [ELF] Build Date: 23 April 2003...

...[''timer_mode'', 1], [''usb'', 1], [''usbdevice'', ''tablet''], [''vcpus'', ''4''], [''vncunused'', 1], [''viridian'', 0], [''vpt_align'', 1], [''xauthority'', ''/root/.Xauthority''], [''xen_platform_pci'', 1], [''memory_sharing'', 0], [''device_model'', ''/usr/lib64/xen-4.1/bin/qemu-dm''], [''tsc_mode'', 0], [''nomigrate'', 0]]],...

Hi! Is there any reason why support for the libwrap code isn't included in the X11 forwarding code? I'd like to restrict access to that port. How many applications would break if the tcp port would be closed and only the unix-domain socket would be available? It's true that x11 forwardings can be considered as a security risk and they are disabled because of that by default. I

...Resolution|--- |WONTFIX --- Comment #8 from Damien Miller <djm at mindrot.org> --- (In reply to Mario Nigrovic from comment #4) > The problem with all existing options is that the .ssh/rc (or xauth > override) > has no mechanism for passing a new value for XAUTHORITY _back_ into > the user > environment. I don't think another mechanism is necessary. ~/.ssh/rc could communicate with subsequent shell initialisation via something like ~/.ssh/xauth.$PPID -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are...

...a. The forwarding code will check the validity of the * response anyway, and substitute this data. The X11 * server, however, will ignore this fake data and use * whatever authentication mechanisms it was using otherwise * for the local connection. */ So, yes, it's probably due to your .Xauthority not being readable but it's not anything to worry about (and there's nothing much that ssh could do about it anyway...) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.