openssh: ssh client: xauth path is invalid - "/usr/X11R6/bin/xauth"

OpenSubmitted by Danny Milosavljevic.
Details
2 participants
  • Danny Milosavljevic
  • Ludovic Courtès
Owner
unassigned
Severity
normal
D
D
Danny Milosavljevic wrote on 19 Apr 2016 22:39
(address . bug-guix@gnu.org)
20160419223929.54f33b36@scratchpost.org
$ ssh -X daya20Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Because:
$ strings $(which ssh) |grep /xauth/usr/X11R6/bin/xauth%s/xauthfile
However,
$ which xauth/home/dannym/.guix-profile/bin/xauth
Adding the following and rebuilding doesn't help either (for some reason):
Toggle diff (26 lines)diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scmindex b8f107b..d85124b 100644--- a/gnu/packages/ssh.scm+++ b/gnu/packages/ssh.scm@@ -35,6 +35,7 @@ #:autoload (gnu packages boost) (boost) #:use-module (gnu packages base) #:use-module (gnu packages tls)+ #:use-module (gnu packages xorg) #:use-module (gnu packages) #:use-module (guix packages) #:use-module (guix download)@@ -131,7 +132,8 @@ a server that supports the SSH-2 protocol.") (build-system gnu-build-system) (inputs `(("groff" ,groff) ("openssl" ,openssl)- ("zlib" ,zlib)))+ ("zlib" ,zlib)+ ("xauth" ,xauth))) (arguments `(#:test-target "tests" #:phases
But $ ssh -o XAuthLocation=$(which xauth) daya20works.
D
D
Danny Milosavljevic wrote on 28 Apr 2016 07:30
(address . 23317@debbugs.gnu.org)
20160428073041.36eb3e93@scratchpost.org
But
$ ssh -Y -o XAuthLocation=$(which xauth) daya20
works without the patch.
And
$ ssh -Y daya20
works with the patch.
But
$ ssh -X daya20
never works, with or without the patch. Huh.
L
L
Ludovic Courtès wrote on 1 Aug 2016 11:51
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 23317@debbugs.gnu.org)
87eg68u8ai.fsf@gnu.org
Hi!
Danny Milosavljevic <dannym@scratchpost.org> skribis:
Toggle quote (12 lines)> But>> $ ssh -Y -o XAuthLocation=$(which xauth) daya20>> works without the patch.>> And>> $ ssh -Y daya20>> works with the patch.
I pushed the patch as commit 683a4a34cd4a565cbdb0b46a326e30795657814c.This increases the closure size of OpenSSH from 89 to 118┬áMiB (+33%),but I think it’s a useful addition.
Toggle quote (6 lines)> But>> $ ssh -X daya20>> never works, with or without the patch. Huh.
I’ve straced “ssh -X”, and it shows that xauth fails like this:
Toggle snippet (8 lines)4742 write(2, "/gnu/store/86f0c3h99sl9z4x4w30hfy33i7nv2ik9-xauth-1.0.9/bin/xauth: (argv):1: ", 78) = 784742 write(2, "couldn't query Security extension on display \":0.0\"\n", 52) = 524742 unlink("/tmp/ssh-FDByknME3mmd/xauthfile-c") = 04742 unlink("/tmp/ssh-FDByknME3mmd/xauthfile-l") = 04742 umask(022) = 0774742 exit_group(1) = ?
This is because the SECURITY extension are disabled in our xorg-serverpackage. We could configure it with --enable-xcsecurity, but upstreamdisables it by default and it seems to be deprecated:
https://www.x.org/wiki/Development/Documentation/Security/
Thoughts?
Ludo’.
?