Review:
My understanding was that this message was due to the lack of an
.Xauthority file:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Trying to generate one with
xauth generate $DISPLAY .
yielded:
xauth: (argv):1: couldn't query Security extension on display ":0"
lead me to the discovery that the security extension was not enabled in
the server. That's when I wrote the original posting.
Then I realized that I could go from one gentoo machine to the other,
just not in the other direction. The equery command told me both
servers were compiled with the same USE flags.
So, I captured the -vvv output from both ssh sessions and I see this:
151,152c161,165
< debug2: client_x11_get_proto: xauth command: /usr/bin/xauth -f
/tmp/ssh-xxxxxxxx/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted
timeout 1260 2>/dev/null
< Warning: untrusted X11 forwarding setup failed: xauth key data not
generated
---
> debug2: x11_get_proto: /usr/bin/xauth list :0 2>/dev/null
> Warning: No xauth data; using fake authentication data for X11
forwarding.
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug2: channel 0: request x11-req confirm 1
> debug3: send packet: type 98
If I interpret that correctly, one simply failed, and the other used
fake security. Someone subsequently mentioned that the -Y flag would
generate the .Xauthority file, which I tested and saw that that indeed
was true - although, the thusly generated .Xauthority file did *not*
allow a subsequent usage with -X. It's not clear to me at this point
why I'm configured on the one machine to allow fake security data, but I
intend to rebuild the servers with the security extensions enabled.
On 12/22/19 22:17, n952162 wrote:
xauth(1) says:
/if [the X server] does not support the SECURITY extension, the
[generate] command fails./
The xauth command is used to generate the .Xauthority file, which is
required for X11Forwarding.
But the Security Extension is not enabled by default:
- - xcsecurity : Build Security extension
but I don't find anybody asking why X11 forwarding doesn't work under
gentoo. What am I missing?
