Hello,
today I faced the following problem:
Some of my panel entries do not work. Investigation on the command line level shows that every second ssh call doesn't work. But why?
[frank@siffux ~]$ ssh christo "mate-terminal&" & [1] 15817
This command brings up a window running mate terminal
[frank@siffux ~]$ ssh christo "mate-terminal&" & [2] 15827 [frank@siffux ~]$ X11 connection rejected because of wrong authentication. Failed to parse arguments: Cannot open display:
This is the error behaviour.
What's going on? How to solve the problem?
Happy New Year, Frank
On 10.1.2023 14.28, Frank Elsner via users wrote:
Hello,
today I faced the following problem:
Some of my panel entries do not work. Investigation on the command line level shows that every second ssh call doesn't work. But why?
[frank@siffux ~]$ ssh christo "mate-terminal&" & [1] 15817
This command brings up a window running mate terminal
[frank@siffux ~]$ ssh christo "mate-terminal&" & [2] 15827 [frank@siffux ~]$ X11 connection rejected because of wrong authentication. Failed to parse arguments: Cannot open display:
This is the error behaviour.
What's going on? How to solve the problem?
I don't know how to solve the problem but can confirm that I have the same one. From what I have deducted so far is that sshd in F36 and F37 generates new xauth token and replaces the old one every time new connection is opened. I can fix the problem by running xauth list after the first connection and then xauth add with the data from xauth list to restore the original authentication token every time new connection is created.
One might make a hack with /etc/ssh/sshrc or .ssh/rc to muck with the tokens, but I am not sure it's a good fix on the long run. Would be nice to know what changed from F35, but I don't unfortunately have any installed anymore.
-vpk
Additional troubleshooting should include including '-vvvv' for the ssh command invocation.
On Tuesday, January 10, 2023 at 12:23:51 PM EST, Veli-Pekka Kestilä fedora@guagua.fi wrote:
On 10.1.2023 14.28, Frank Elsner via users wrote:
Hello,
today I faced the following problem:
Some of my panel entries do not work. Investigation on the command line level shows that every second ssh call doesn't work. But why?
[frank@siffux ~]$ ssh christo "mate-terminal&" & [1] 15817
This command brings up a window running mate terminal
[frank@siffux ~]$ ssh christo "mate-terminal&" & [2] 15827 [frank@siffux ~]$ X11 connection rejected because of wrong authentication. Failed to parse arguments: Cannot open display:
This is the error behaviour.
What's going on? How to solve the problem?
I don't know how to solve the problem but can confirm that I have the same one. From what I have deducted so far is that sshd in F36 and F37 generates new xauth token and replaces the old one every time new connection is opened. I can fix the problem by running xauth list after the first connection and then xauth add with the data from xauth list to restore the original authentication token every time new connection is created.
One might make a hack with /etc/ssh/sshrc or .ssh/rc to muck with the tokens, but I am not sure it's a good fix on the long run. Would be nice to know what changed from F35, but I don't unfortunately have any installed anymore.
-vpk _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On 10Jan2023 18:25, Joe Wulf joe_wulf@yahoo.com wrote:
I don't know how to solve the problem but can confirm that I have the same one. From what I have deducted so far is that sshd in F36 and F37 generates new xauth token and replaces the old one every time new connection is opened.
An alternative is to use a persistent ssh connection, reusing the X11 token from before.
BTW, an incantation of:
ssh host 'x11-client &'
has some scope for dropping the ssh before the client hooks into X11 (thus keeping things open) _if_ the client closes its own output before connecting to X11. WHich on reflection would be vanishingly rare, since then it wouldn't get to report failure to connect :-)
Shouldn't the new xauth setup be just fine, though? THe sequence should be: - ssh in - xauth setup on host end - x11 client connect, _using that new xauth_
I find the xauth scenario a little unconvincing because of this. I'm not in a position to try to reproduce things though.
Cheers, Cameron Simpson cs@cskk.id.au
On 10.1.2023 20.25, Joe Wulf via users wrote:
Additional troubleshooting should include including '-vvvv' for the ssh command invocation.
This is the error, when trying to run XTerm after second ssh connection:
debug2: X11 auth data does not match fake data. X11 connection rejected because of wrong authentication. debug2: X11 rejected 1 i0/o0 debug2: channel 1: read failed
Link to the logs from invocations:
https://www.dropbox.com/s/mj1ppfmzdmn8vn2/ssh-errors.txt?dl=0
-vpk
-
Cameron Simpson -
Frank Elsner -
Joe Wulf -
Veli-Pekka Kestilä