On 26/03/2015 22:06, Andrew DeFaria wrote:
On 3/26/2015 12:12 PM, Jon TURNEY wrote:
On 25/03/2015 17:40, Andrew DeFaria wrote:
Prediction: This problem probably will end up having something to do
with the permissions and file system that ~/.Xauthority resides on,
which is, I believe, a NetApp. This file system is the file system for
the Linux Home directories (Windows "home" directories are somewhere
else). In an attempt to have a transparently workable environment I set
my Cygwin home directory to access the same directory my Linux servers
use for the home directory - this NetApp. If you need more information
about that then let me know and perhaps tell me how I can get that.

This seems very plausible.

If I am understanding you correctly, ~/.Xauthority is the same file on
the NetApp at both ends.  I think perhaps that is somehow the cause of
the problem.


The sequence of actions is something like:

- startx(|win) generates a random cookie and stores it in
~/.serverauth.<pid> and uses that file as the server -auth option
- it also uses 'xauth add' to put that cookie into ~/.Xauthority for the
display (e.g. :0)

I'm not using startx - I just do C:\Cygwin\bin\XWin.exe -multiwindow
-listen tcp

Sorry, I don't think you had mentioned that before.

It's even simpler then:

- ssh looks for a cookie for $DISPLAY (e.g. :0) in ~/.Xauthority using 'xauth list', discovers there isn't one so makes one up and sends it to the far end (this what "Warning: No xauth data; using fake authentication data for X11 forwarding." is telling you) - sshd tries to store that cookie using xauth for the proxy display (e.g :10)

Reading the source of xauth [1], it does try to lock the ~/.Xauthority
file for up to 20 seconds before giving up, which perhaps corresponds to
the delay you see?

Sounds plausible. Is that configurable?

Unfortunately, no.

Possibly you could set XAuthLocation in ssh(|d)_config to a wrapper script which uses 'xauth -i' to ignore locks.

Does 20 seconds actually match the length of the delay you see?

However, the "unable to link authority file .Xauthority, use
.Xauthority-n" message indicates that the working file .Xauthority-n
cannot renamed as .Xauthority (xauth tries both to hard-link it as
.Xauthority, and to rename it)

After I ssh -X to this system I do see ~/.Xauthority and
~/.Xauthority-n. They are the same size but differ binarily. I can do mv
~/.Xauthority-n ~/.Xauthority without issue. Why can't sshd do that?

Once I rename the file X clients work! From that machine...

So the plot thickens... Why was mv denied permission when I can easily
do it once I get a prompt?

It kind of looks like perhaps there is some kind of delay in releasing the file lock?

You might like to try running something like 'xauth -f ~/foo add :99 . `mcookie`' at both ends in rapid succession and see if that works or fails in the same way?

Any idea why setting ForwardX11 yes and ForwardX11Trusted don't seem to
work? I thought it was that setting ForwardX11 yes is equivalent to
specifying -X and setting ForwardX11Trusted yes is equivalent to
specifying -Y but they are not behaving that way!

Adefaria-lt:echo "ForwardX11 yes" > ~/.ssh/config
Adefaria-lt:ssh cm-db-ldev01 "echo DISPLAY = \'\$DISPLAY\'"
Warning: untrusted X11 forwarding setup failed: xauth key data not
Warning: No xauth data; using fake authentication data for X11 forwarding.
X11 forwarding request failed on channel 0

This seems to be a separate question, but the first thing I would check is if is X11Forwarding permitted by the sshd_config on cm-db-ldev01?

I find all of this behavior erratic and unreliable.

Indeed. But I think that the erratic and unreliable thing is the networked file system, not ssh.

Volunteer Cygwin/X X Server maintainer

Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply via email to