On 10.02.21 08:29, Thomas Lamprecht wrote:
> On 09.02.21 19:21, Dietmar Maurer wrote:
>> On 09.02.21 16:45, Aaron Lauterer wrote:
>>> When installing the ha-simulator on a PVE node to start it via ssh with
>>> x11 forwarding, the xauth package helps to avoid `Unable to init server:
>>> Could not connect: Connection refused` errors.
>>
>> This is true for anything. X11 forwarding simply works that way. So I am
>> quite unsure if we should add xauth here...> > Or is this a common practice
>> (I am unaware of)?
>
> Not really, but there are not much programs which are primarily run over
> SSH forwarding I know either.
>
> If one really wants an active warning one could do a check like:
>
> defined($ENV{'SSH_CONNECTION'}) && !(-x /usr/bin/xauth || -x /bin/xauth)
>
> A bit crude but could work, and could be used to print out a early warning.
After short talk with Dietmar we came to the conclusion that this is far
harder to tell and neither configuring a dependency to xauth nor checking
if it's exist at runtime really guarantees anything and is not really
a hard coded must (you can allow unauthenticated forwarding where xauth
is not required).
At least `/etc/ssh/sshd_config` must also be configured correctly.
I'd add the latter to my proposed wording in the docs patch, IMO there's
really the best place to handle this.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
