From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Subject: bug#23317: openssh: ssh client: xauth path is invalid - "/usr/X11R6/bin/xauth" Date: Mon, 01 Aug 2016 11:51:01 +0200 Message-ID: <87eg68u8ai.fsf@gnu.org> References: <20160419223929.54f33b36@scratchpost.org> <20160428073041.36eb3e93@scratchpost.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:45856) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bU9tH-0001Pt-22 for bug-guix@gnu.org; Mon, 01 Aug 2016 05:52:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bU9tC-0000lz-6h for bug-guix@gnu.org; Mon, 01 Aug 2016 05:52:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:55267) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bU9tC-0000lu-3O for bug-guix@gnu.org; Mon, 01 Aug 2016 05:52:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1bU9tB-0004sh-Rf for bug-guix@gnu.org; Mon, 01 Aug 2016 05:52:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20160428073041.36eb3e93@scratchpost.org> (Danny Milosavljevic's message of "Thu, 28 Apr 2016 07:30:41 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Danny Milosavljevic Cc: 23317@debbugs.gnu.org Hi! Danny Milosavljevic skribis: > But > > $ ssh -Y -o XAuthLocation=3D$(which xauth) daya20 > > works without the patch. > > And > > $ ssh -Y daya20 > > works with the patch. I pushed the patch as commit 683a4a34cd4a565cbdb0b46a326e30795657814c. This increases the closure size of OpenSSH from 89 to 118=C2=A0MiB (+33%), but I think it=E2=80=99s a useful addition. > But > > $ ssh -X daya20 > > never works, with or without the patch. Huh. I=E2=80=99ve straced =E2=80=9Cssh -X=E2=80=9D, and it shows that xauth fail= s like this: --8<---------------cut here---------------start------------->8--- 4742 write(2, "/gnu/store/86f0c3h99sl9z4x4w30hfy33i7nv2ik9-xauth-1.0.9/bin= /xauth: (argv):1: ", 78) =3D 78 4742 write(2, "couldn't query Security extension on display \":0.0\"\n", 5= 2) =3D 52 4742 unlink("/tmp/ssh-FDByknME3mmd/xauthfile-c") =3D 0 4742 unlink("/tmp/ssh-FDByknME3mmd/xauthfile-l") =3D 0 4742 umask(022) =3D 077 4742 exit_group(1) =3D ? --8<---------------cut here---------------end--------------->8--- This is because the SECURITY extension are disabled in our xorg-server package. We could configure it with --enable-xcsecurity, but upstream disables it by default and it seems to be deprecated: https://www.x.org/wiki/Development/Documentation/Security/ Thoughts? Ludo=E2=80=99.