Bug 733

Summary: ssh doing xauth stuff even when it can't access local .Xauthority file
Product: Portable OpenSSH Reporter: stevebalm2000
Component: sshAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED WORKSFORME    
Severity: normal    
Priority: P2    
Version: -current   
Hardware: UltraSPARC   
OS: Solaris   

Description stevebalm2000 2003-10-08 02:50:45 AEST 
I recently upgraded to v3.7.1p2 and now when I su to root and ssh to another
host as root, I get a warning "Warning: No xauth data; using fake authentication
data for X11 forwarding."  I think this is because root is unable to access my
regular user account's .Xauthority file (homedir is on root-squashed NFS server).

When I run "ssh -x" I don't get this error message.  Did older versions of ssh
not try to do X11 forwarding if they couldn't access the local .Xauthority file?
   Is this a bug?

I have "ForwardX11 yes" set in ssh_config.  I can post the full config if that
would be helpful.  Also I can post debug output from client or server.
Comment 1 Darren Tucker 2004-05-12 14:42:07 AEST 
Do you have UsePrivilegeSeparation enabled?  If not, does enabling it make any
difference?
Comment 2 Darren Tucker 2005-02-09 21:13:50 AEDT 
Took another look: it's just a warning (and thus will be suppressed with "ssh
-q" or "LogLevel QUIET" in a config file).  From the code in question (ssh.c):

/*
 * If we didn't get authentication data, just make up some
 * data.  The forwarding code will check the validity of the
 * response anyway, and substitute this data.  The X11
 * server, however, will ignore this fake data and use
 * whatever authentication mechanisms it was using otherwise
 * for the local connection.
 */

So, yes, it's probably due to your .Xauthority not being readable but it's not
anything to worry about (and there's nothing much that ssh could do about it
anyway...)
Comment 3 Darren Tucker 2006-10-07 11:36:02 AEST 
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.