These are the ramblings of Matthijs Kooijman, concerning the software he hacks on, hobbies he has and occasionally his personal life.
Most content on this site is licensed under the WTFPL, version 2 (details).
Questions? Praise? Blame? Feel free to contact me.
My old blog (pre-2006) is also still available.
See also my Mastodon page.
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
| 31 |
(...), Arduino, AVR, BaRef, Blosxom, Book, Busy, C++, Charity, Debian, Electronics, Examination, Firefox, Flash, Framework, FreeBSD, Gnome, Hardware, Inter-Actief, IRC, JTAG, LARP, Layout, Linux, Madness, Mail, Math, MS-1013, Mutt, Nerd, Notebook, Optimization, Personal, Plugins, Protocol, QEMU, Random, Rant, Repair, S270, Sailing, Samba, Sanquin, Script, Sleep, Software, SSH, Study, Supermicro, Symbols, Tika, Travel, Trivia, USB, Windows, Work, X201, Xanthe, XBee
&
(With plugins: config, extensionless, hide, tagging, Markdown, macros, breadcrumbs, calendar, directorybrowse, feedback, flavourdir, include, interpolate_fancy, listplugins, menu, pagetype, preview, seemore, storynum, storytitle, writeback_recent, moreentries)
Valid XHTML 1.0 Strict & CSS
This morning, I was trying to enable X forwarding, to run applications on my
server (where I have GHC available) to my local workstation (where I have
an X server running). The standard way to do this, is to use SSH with
the -X option. However, this didn't work for me:
mkooijma@ewi1246:~> ssh -X kat
Last login: Wed May 20 13:48:13 2009 from ewi1246.ewi.utwente.nl
matthijs@katherina:~$ xclock
X11 connection rejected because of wrong authentication.
Running ssh with -vvv showed me another hint:
debug2: X11 connection uses different authentication protocol.
It turned out this problem was caused by some weird entries in my
.Xauthority file, which contains tokens to authenticate to X servers. The
entries in the file can be queried with the xauth command:
matthijs@katherina:~$ xauth list
#ffff##: MIT-MAGIC-COOKIE-1 00000000000000000000000000000000
#ffff##: XDM-AUTHORIZATION-1 00000000000000000000000000000000
localhost/unix:10 MIT-MAGIC-COOKIE-1 00000000000000000000000000000000
(I replaced the actual authentication keys with zeroes here). The last entry is the useful one. It is the proxy key added by ssh when I logged in. That is the one it should send over the ssh forwarded X connection (where ssh will replace it with the actual key, this is called authentication spoofing). However, I found that for some reason X clients were sending the XDM-AUTHORIZATION-1 key instead (hence the "different authentication protocol" message), causing the connection to fail.
I've solved the issue by removing the #ffff## entries from the .Xauthority
file (but since I couldn't just run xauth remove #ffff#, I turned it around
by readding only the one I wanted:
matthijs@katherina:~$ rm ~/.Xauthority
matthijs@katherina:~$ xauth add localhost/unix:10 MIT-MAGIC-COOKIE-1 00000000000000000000000000000000
I'm still not sure what these #ffff## entries do or mean (I suspect xdm has
added them, since I am running xdm on this machine), but I've made inquiries
on the xorg list.
As a last note: If you want to use X forwarding and enable the GLX protocol
extensions for OpenGL rendering, you need to disable security checks in
the X forwarding, by running ssh -Y instead of ssh -X.
Comments are closed for this story.