openssh: ssh client: xauth path is invalid

Danny Milosavljevic wrote on 19 Apr 2016 22:39

Recipients:(address . bug-guix@gnu.org)

Message-ID:20160419223929.54f33b36@scratchpost.org

$ ssh -X daya20Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Because:
$ strings $(which ssh) |grep /xauth/usr/X11R6/bin/xauth%s/xauthfile
However,
$ which xauth/home/dannym/.guix-profile/bin/xauth
Adding the following and rebuilding doesn't help either (for some reason):

Toggle diff (26 lines)diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scmindex b8f107b..d85124b 100644--- a/gnu/packages/ssh.scm+++ b/gnu/packages/ssh.scm@@ -35,6 +35,7 @@   #:autoload   (gnu packages boost) (boost)   #:use-module (gnu packages base)   #:use-module (gnu packages tls)+  #:use-module (gnu packages xorg)   #:use-module (gnu packages)   #:use-module (guix packages)   #:use-module (guix download)@@ -131,7 +132,8 @@ a server that supports the SSH-2 protocol.")    (build-system gnu-build-system)    (inputs `(("groff" ,groff)              ("openssl" ,openssl)-             ("zlib" ,zlib)))+             ("zlib" ,zlib)+             ("xauth" ,xauth)))    (arguments     `(#:test-target "tests"       #:phases
But  $ ssh -o XAuthLocation=$(which xauth) daya20works.

Danny Milosavljevic wrote on 28 Apr 2016 07:30

Recipients:(address . 23317@debbugs.gnu.org)

Message-ID:20160428073041.36eb3e93@scratchpost.org

But
$ ssh -Y -o XAuthLocation=$(which xauth) daya20
works without the patch.
And
$ ssh -Y daya20
works with the patch.
But
$ ssh -X daya20
never works, with or without the patch. Huh.

Ludovic Courtès wrote on 1 Aug 2016 11:51

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 23317@debbugs.gnu.org)

Message-ID:87eg68u8ai.fsf@gnu.org

Hi!
Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (12 lines)> But>>   $ ssh -Y -o XAuthLocation=$(which xauth) daya20>> works without the patch.>> And>>   $ ssh -Y daya20>> works with the patch.

I pushed the patch as commit 683a4a34cd4a565cbdb0b46a326e30795657814c.This increases the closure size of OpenSSH from 89 to 118 MiB (+33%),but I think it’s a useful addition.

Toggle quote (6 lines)

> But>> $ ssh -X daya20>> never works, with or without the patch. Huh.

I’ve straced “ssh -X”, and it shows that xauth fails like this:

Toggle snippet (8 lines)

4742 write(2, "/gnu/store/86f0c3h99sl9z4x4w30hfy33i7nv2ik9-xauth-1.0.9/bin/xauth: (argv):1: ", 78) = 784742 write(2, "couldn't query Security extension on display \":0.0\"\n", 52) = 524742 unlink("/tmp/ssh-FDByknME3mmd/xauthfile-c") = 04742 unlink("/tmp/ssh-FDByknME3mmd/xauthfile-l") = 04742 umask(022) = 0774742 exit_group(1) = ?

This is because the SECURITY extension are disabled in our xorg-serverpackage. We could configure it with --enable-xcsecurity, but upstreamdisables it by default and it seems to be deprecated:
https://www.x.org/wiki/Development/Documentation/Security/
Thoughts?
Ludo’.

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date

openssh: ssh client: xauth path is invalid - "/usr/X11R6/bin/xauth"