From nobody@FreeBSD.org Wed Dec 13 07:50:48 2000 Return-Path: Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id EF38A37B402 for ; Wed, 13 Dec 2000 07:50:47 -0800 (PST) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eBDFolu98121; Wed, 13 Dec 2000 07:50:47 -0800 (PST) (envelope-from nobody) Message-Id: <200012131550.eBDFolu98121@freefall.freebsd.org> Date: Wed, 13 Dec 2000 07:50:47 -0800 (PST) From: peter@mutsaers.com Sender: nobody@FreeBSD.org To: freebsd-gnats-submit@FreeBSD.org Subject: sshd creates empty X11 auth cookies file when ~/.ssh/rc exists X-Send-Pr-Version: www-1.0 >Number: 23523 >Category: bin >Synopsis: sshd creates empty X11 auth cookies file when ~/.ssh/rc exists >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Dec 13 08:00:00 PST 2000 >Closed-Date: Thu Dec 14 03:30:39 PST 2000 >Last-Modified: Thu Dec 14 03:31:33 PST 2000 >Originator: peter@mutsaers.com >Release: 4.2-stable >Organization: >Environment: FreeBSD muon.mutsaers.com 4.2-STABLE FreeBSD 4.2-STABLE #1: Sat Dec 2 09:52:07 CET 2000 plm@muon.mutsaers.com:/usr/src/sys/compile/MUON i386 >Description: See one line summary >How-To-Repeat: Create (empty) ~/.ssh/rc on the sshd server. Login from a ssh client with -v -X (X11 connection forwarding). Opening X11 clients won't work because of "different authentication" protocols, error caused by the invalid (empty) cookies file. >Fix: ?? Upgrade to OpenSSH 2.3.0p1? I don't know whether this has been fixed or not, neither whether this bug is general openssh or FreeBSD specific. >Release-Note: >Audit-Trail: State-Changed-From-To: open->feedback State-Changed-By: dwmalone State-Changed-When: Wed Dec 13 09:58:28 PST 2000 State-Changed-Why: I believe this the the documented behaviour of sshd - I'll close the PR shortly if this seems reasonable. http://www.freebsd.org/cgi/query-pr.cgi?pr=23523 From: David Malone To: peter@mutsaers.com Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/23523: sshd creates empty X11 auth cookies file when ~/.ssh/rc exists Date: Wed, 13 Dec 2000 17:56:36 +0000 On Wed, Dec 13, 2000 at 07:50:47AM -0800, peter@mutsaers.com wrote: > Login from a ssh client with -v -X (X11 connection forwarding). > Opening X11 clients won't work because of "different authentication" protocols, error caused by the invalid (empty) cookies file. This is the (rather weird) documented behavior of these rc files see sshd(8). The xauth info is passed on stdin and then it's the rc script's job to deal with it. We do the following in /etc/ssh/sshrc: #!/bin/sh PATH="/usr/X11R6/bin:$PATH" if [ -n "$DISPLAY" ] && read proto cookie; then echo add $DISPLAY $proto $cookie | xauth -q - if [ -n "$XAUTHORITY" ] ; then sshauthorityfile="$XAUTHORITY" unset XAUTHORITY xauth merge "$sshauthorityfile" fi fi This writes the cookie into the xauth file in people's home directories, which we expect for our local setup. David. State-Changed-From-To: feedback->closed State-Changed-By: dwmalone State-Changed-When: Thu Dec 14 03:30:39 PST 2000 State-Changed-Why: Submitter is happy that this is the documented behaviour. http://www.freebsd.org/cgi/query-pr.cgi?pr=23523 >Unformatted: