From: ludo@gnu.org (Ludovic Courtès)
To: Danny Milosavljevic <dannym@scratchpost.org>
Cc: 23317@debbugs.gnu.org
Subject: bug#23317: openssh: ssh client: xauth path is invalid - "/usr/X11R6/bin/xauth"
Date: Mon, 01 Aug 2016 11:51:01 +0200 [thread overview]
Message-ID: <87eg68u8ai.fsf@gnu.org> (raw)
In-Reply-To: <20160428073041.36eb3e93@scratchpost.org> (Danny Milosavljevic's message of "Thu, 28 Apr 2016 07:30:41 +0200")
Hi!
Danny Milosavljevic <dannym@scratchpost.org> skribis:
> But
>
> $ ssh -Y -o XAuthLocation=$(which xauth) daya20
>
> works without the patch.
>
> And
>
> $ ssh -Y daya20
>
> works with the patch.
I pushed the patch as commit 683a4a34cd4a565cbdb0b46a326e30795657814c.
This increases the closure size of OpenSSH from 89 to 118 MiB (+33%),
but I think it’s a useful addition.
> But
>
> $ ssh -X daya20
>
> never works, with or without the patch. Huh.
I’ve straced “ssh -X”, and it shows that xauth fails like this:
--8<---------------cut here---------------start------------->8---
4742 write(2, "/gnu/store/86f0c3h99sl9z4x4w30hfy33i7nv2ik9-xauth-1.0.9/bin/xauth: (argv):1: ", 78) = 78
4742 write(2, "couldn't query Security extension on display \":0.0\"\n", 52) = 52
4742 unlink("/tmp/ssh-FDByknME3mmd/xauthfile-c") = 0
4742 unlink("/tmp/ssh-FDByknME3mmd/xauthfile-l") = 0
4742 umask(022) = 077
4742 exit_group(1) = ?
--8<---------------cut here---------------end--------------->8---
This is because the SECURITY extension are disabled in our xorg-server
package. We could configure it with --enable-xcsecurity, but upstream
disables it by default and it seems to be deprecated:
https://www.x.org/wiki/Development/Documentation/Security/
Thoughts?
Ludo’.
next prev parent reply other threads:[~2016-08-01 9:52 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-19 20:39 bug#23317: openssh: ssh client: xauth path is invalid - "/usr/X11R6/bin/xauth" Danny Milosavljevic
2016-04-28 5:30 ` Danny Milosavljevic
2016-08-01 9:51 ` Ludovic Courtès [this message]
2021-11-20 2:05 ` Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87eg68u8ai.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=23317@debbugs.gnu.org \
--cc=dannym@scratchpost.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).