On Tue, Jan 18, 2000 at 10:21:02AM +0100, Wouter Hanegraaff wrote: > I have three computers, two running slink and one running potato. The > slink boxes have the old ssh, and the potato box has openssh. > > When I log into the potato box from one of the slink boxes, x11 > forwarding doesn't work at all. When I do ssh -v sushi xterm (sushi is > the potato box) I get the following (after a lot of other messages): > > daria: X11 connection uses different authentication protocol: > 'MIT-MAGIC-COOKIE-1' vs. ''. > X11 connection rejected because of wrong authentication at Tue Jan 18 > 10:09:48 2000. > > What exactly does this mean, and how can I solve this?
i have the same problem, too. For ssh, either the client or server (i forget which, i think the client) stores the real X authority information that allows you to connect. All the applications you run use a fake authority, which is replaced with the real one the X server expects as it goes through the ssh connection. openssh sets up the fake xauth data for hostname:10 (a tcp style socket), but not for hostname/unix:10 (a unix domain socket). If the X applications determine they're communicating with the local host, they use unix domain for various reasons. But since there's no unix domain authority data, they send no authorization and the connection is refused. One way to fix it is to do an "xauth list", and then xauth add that same data for the unix style: $ xauth list anomie.local:10 MIT-MAGIC-COOKIE-1 xxxxxxxxxxxxxxxxxxxxxxxx $ xauth add anomie/unix:10 MIT-MAGIC-COOKIE-1 xxxxxxxxxxxxxxxxxxxxxxxx You could also patch openssh to make it do this automatically (which is what i do), update the changelog, and rebuild the deb. It only requires 2 lines added to sshd.c: one to use strchr to find the colon and a second to fprintf the data (i use the * precision specifier and pointer arithmetic to pull out the hostname from "display"). i'd dig out the patch if i had more time ;) -- finger for GPG public key. 8 Jan 2000 - Old email addresses removed from key, new added
pgphqBgCDRsv5.pgp
Description: PGP signature
