I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

This happens on the remote machines being both a Mga5 and a Mga7
machine. On the other hand, on another Mga6 machine I get no such
warning, and forwarding works. I cannot see the difference between the
three machines. That it works on some remote machines and not others
suggests it is some problem with the setu of those machines, not the
local machine. But I cannot see any differences between them.

Note that if I log into the Mga5 system from the working mga6 system,
x11 forwarding works.

Any hints as to where to look?



--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Thu, 25 Jul 2019 09:39:58 -0000 (UTC), William Unruh wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

This happens on the remote machines being both a Mga5 and a Mga7
machine. On the other hand, on another Mga6 machine I get no such
warning, and forwarding works. I cannot see the difference between the
three machines. That it works on some remote machines and not others
suggests it is some problem with the setu of those machines, not the
local machine. But I cannot see any differences between them.

Note that if I log into the Mga5 system from the working mga6 system,
x11 forwarding works.

Any hints as to where to look?

First thing I would try is xhost.

A quick grep through my .bashrc shows I have
set_xhost +$(hostname --fqdn) > /dev/null 2>&1

Looking in my set_xhosts script, it checks to see if not already there,
add it.


_cnt=$(xhost | grep --count $1)
if [ $_cnt -eq 0 ] ; then
xhost +$1 > /dev/null 2>&1 &
fi

I also noticed any of my ssh scripts run the command prior to running ssh.

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-25, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Thu, 25 Jul 2019 09:39:58 -0000 (UTC), William Unruh wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

This happens on the remote machines being both a Mga5 and a Mga7
machine. On the other hand, on another Mga6 machine I get no such
warning, and forwarding works. I cannot see the difference between the
three machines. That it works on some remote machines and not others
suggests it is some problem with the setu of those machines, not the
local machine. But I cannot see any differences between them.

Note that if I log into the Mga5 system from the working mga6 system,
x11 forwarding works.

Any hints as to where to look?

First thing I would try is xhost.

A quick grep through my .bashrc shows I have
set_xhost +$(hostname --fqdn) > /dev/null 2>&1

Looking in my set_xhosts script, it checks to see if not already there,
add it.

_cnt=$(xhost | grep --count $1)
if [ $_cnt -eq 0 ] ; then
xhost +$1 > /dev/null 2>&1 &
fi

I also noticed any of my ssh scripts run the command prior to running ssh.

If I run xhost on both the Mga6 ( which accepts x11 forwarding from my
laptop) and the Mga7 machine ( which does not accept x11 forwarding from
my laptop but does from the Mga6 machine) both have the same output of
xhost

access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:unruh


So, no difference there.


--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Assuming you've googled this and read through something like:


https://serverfault.com/questions/273847/what-does-warning-untrusted-x11-forwar ding-setup-failed-xauth-key-data-not-ge

-- HASM

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-25, William Unruh <unruh@invalid.ca> wrote:

On 2019-07-25, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Thu, 25 Jul 2019 09:39:58 -0000 (UTC), William Unruh wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

This happens on the remote machines being both a Mga5 and a Mga7
machine. On the other hand, on another Mga6 machine I get no such
warning, and forwarding works. I cannot see the difference between the
three machines. That it works on some remote machines and not others
suggests it is some problem with the setu of those machines, not the
local machine. But I cannot see any differences between them.

Note that if I log into the Mga5 system from the working mga6 system,
x11 forwarding works.

Any hints as to where to look?

First thing I would try is xhost.

A quick grep through my .bashrc shows I have
set_xhost +$(hostname --fqdn) > /dev/null 2>&1

Looking in my set_xhosts script, it checks to see if not already there,
add it.


_cnt=$(xhost | grep --count $1)
if [ $_cnt -eq 0 ] ; then
xhost +$1 > /dev/null 2>&1 &
fi

I also noticed any of my ssh scripts run the command prior to running ssh.

If I run xhost on both the Mga6 ( which accepts x11 forwarding from my laptop) and the Mga7 machine ( which does not accept x11 forwarding from
my laptop but does from the Mga6 machine) both have the same output of
xhost

access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:unruh

So, no difference there.

Just to make sure the problem is not xhost related, you want
to run 'xhost +' and see what happens.

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: SDF Public Access UNIX System, Est. 1987 (2:250/1@fidonet)

On Thu, 25 Jul 2019 05:39:58 -0400, William Unruh <unruh@invalid.ca> wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Check the ssh settings. On the system you're connecting from
# grep -v ^'#' /etc/ssh/ssh_config|grep X11
ForwardX11 yes
ForwardX11Trusted yes

On the system you're connecting to ...
# grep -v ^'#' /etc/ssh/sshd_config|grep X11
X11Forwarding yes

Regards, Dave Hodgins

--
Change dwhodgins@nomail.afraid.org to davidwhodgins@teksavvy.com for
email replies.

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-25, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:

On Thu, 25 Jul 2019 05:39:58 -0400, William Unruh <unruh@invalid.ca> wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Check the ssh settings. On the system you're connecting from
# grep -v ^'#' /etc/ssh/ssh_config|grep X11
ForwardX11 yes
ForwardX11Trusted yes

On the system you're connecting to ...
# grep -v ^'#' /etc/ssh/sshd_config|grep X11
X11Forwarding yes

Regards, Dave Hodgins

Also also maybe /etc/hosts.allow and /etc/hosts.deny

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: SDF Public Access UNIX System, Est. 1987 (2:250/1@fidonet)

On 2019-07-25, HASM <hasm@example.invalid> wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Assuming you've googled this and read through something like:

https://serverfault.com/questions/273847/what-does-warning-untrusted-x11-forwar ding-setup-failed-xauth-key-data-not-ge

-- HASM

I am running Linux (Mageia) on all machines, not Apple OSX

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-25, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:

On Thu, 25 Jul 2019 05:39:58 -0400, William Unruh <unruh@invalid.ca> wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Check the ssh settings. On the system you're connecting from
# grep -v ^'#' /etc/ssh/ssh_config|grep X11
ForwardX11 yes
ForwardX11Trusted yes

Yup

On the system you're connecting to ...
# grep -v ^'#' /etc/ssh/sshd_config|grep X11
X11Forwarding yes

Yup, on both machines (the working one and the non-working (warning
generated) one.

Regards, Dave Hodgins

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-25, Fenris <fenris@invalid.invalid> wrote:

On 2019-07-25, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:

On Thu, 25 Jul 2019 05:39:58 -0400, William Unruh <unruh@invalid.ca> wrote: >>

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Check the ssh settings. On the system you're connecting from
# grep -v ^'#' /etc/ssh/ssh_config|grep X11
ForwardX11 yes
ForwardX11Trusted yes

On the system you're connecting to ...
# grep -v ^'#' /etc/ssh/sshd_config|grep X11
X11Forwarding yes

Regards, Dave Hodgins

Also also maybe /etc/hosts.allow and /etc/hosts.deny

ssh "works" -- ie connects. It just does not forward x11.



--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-25, William Unruh <unruh@invalid.ca> wrote:

On 2019-07-25, HASM <hasm@example.invalid> wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Assuming you've googled this and read through something like:

https://serverfault.com/questions/273847/what-does-warning-untrusted-x11-forwar ding-setup-failed-xauth-key-data-not-ge

-- HASM

I am running Linux (Mageia) on all machines, not Apple OSX

Once I had that problem, too.
I can't remember it corectly but I think it was xauth related. I think I had to
install xauth to make it work. Note, on some repositories its the "xorg-x11-xauth"
package.
Good luck!

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: SDF Public Access UNIX System, Est. 1987 (2:250/1@fidonet)

On Thu, 25 Jul 2019 16:29:34 -0400, William Unruh <unruh@invalid.ca> wrote:

ssh "works" -- ie connects. It just does not forward x11.

On the machine you're connecting to, delete ~/.Xauthority then start
any X application such as kcalc. It should recreate the file and
hopefully work.

Regards, Dave Hodgins

--
Change dwhodgins@nomail.afraid.org to davidwhodgins@teksavvy.com for
email replies.

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 25/07/2019 22.27, William Unruh wrote:

On 2019-07-25, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:

On the system you're connecting to ...
# grep -v ^'#' /etc/ssh/sshd_config|grep X11
X11Forwarding yes

Yup, on both machines (the working one and the non-working (warning generated) one.

That configuration is for the remote machine, not the machine from where
you connect.

I would suggest you try out the -Y option for ssh, should work better
than -X.

--

//Aho

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1@fidonet)

William Unruh <unruh@invalid.ca> writes:

Assuming you've googled this and read through something like:
https://serverfault.com/questions/273847/what-does-warning-untrusted-x11-forwar ding-setup-failed-xauth-key-data-not-ge

I am running Linux (Mageia) on all machines, not Apple OSX

Forward with -Y instead of -X, and making sure xauth works, as
suggested in that post, should be OS independent things to check.
We're talking X11 and ssh ports that should work very similarly.

-- HASM

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Thu, 25 Jul 2019 20:29:34 -0000 (UTC), William Unruh wrote:

ssh "works" -- ie connects. It just does not forward x11.

I would make sure all files are owned by user on both machines.
find $HOME \( -not -user $USER -or -not -group $USER \) -exec ls -al '{}' \; and permission 600 on ~/.Xauthority

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-25, Fenris <fenris@invalid.invalid> wrote:

On 2019-07-25, William Unruh <unruh@invalid.ca> wrote:

On 2019-07-25, HASM <hasm@example.invalid> wrote:

I am having problems on some of my machines with X11 forwarding not
working. I get the error message when I log in with ssh
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Assuming you've googled this and read through something like:

https://serverfault.com/questions/273847/what-does-warning-untrusted-x11-forwar ding-setup-failed-xauth-key-data-not-ge

-- HASM

I am running Linux (Mageia) on all machines, not Apple OSX

Once I had that problem, too.
I can't remember it corectly but I think it was xauth related. I think I had

to

install xauth to make it work. Note, on some repositories its the

"xorg-x11-xauth"

package.
Good luck!

All three have xauth installed (as does the remote laptop)



--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-25, HASM <hasm@example.invalid> wrote:

William Unruh <unruh@invalid.ca> writes:

Assuming you've googled this and read through something like:
https://serverfault.com/questions/273847/what-does-warning-untrusted-x11-forwar ding-setup-failed-xauth-key-data-not-ge

I am running Linux (Mageia) on all machines, not Apple OSX

Forward with -Y instead of -X, and making sure xauth works, as
suggested in that post, should be OS independent things to check.
We're talking X11 and ssh ports that should work very similarly.

OK, that worked and it put me on the tack of the sulutions.

The problem was that the ForwardX11Trusted linein the sample ssh_config
file came after the Host lines which make me assume that was correct
order. It is not. I had put in some lines like
Host Mga7*
port 1234

entries since I am using non standard ssh ports. Apparently this meant
that the ForwardX11Trusted line applied to only the very last Host
entry. Moving the ForwardX11Trusted line before any of the Host lines
fixed the problem. Bug in Mageia/openssh sample ssh_config file.

Thanks to all who tried to help.









--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Fri, 26 Jul 2019 09:17:18 -0000 (UTC), William Unruh wrote:

The problem was that the ForwardX11Trusted linein the sample ssh_config
file came after the Host lines which make me assume that was correct
order. It is not. I had put in some lines like
Host Mga7*
port 1234

entries since I am using non standard ssh ports. Apparently this meant
that the ForwardX11Trusted line applied to only the very last Host
entry. Moving the ForwardX11Trusted line before any of the Host lines
fixed the problem. Bug in Mageia/openssh sample ssh_config file.

Thanks to all who tried to help.

Now that you have made the fix, I am curious if there is a sshd reject
message in the journal and if so, what the message was logged.

Would you get a root terminal on the rejecting node and run
journalctl | grep -i ssh
and post the message, Please.

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 2019-07-26, Bit Twister <BitTwister@mouse-potato.com> wrote:

On Fri, 26 Jul 2019 09:17:18 -0000 (UTC), William Unruh wrote:

The problem was that the ForwardX11Trusted linein the sample ssh_config
file came after the Host lines which make me assume that was correct
order. It is not. I had put in some lines like
Host Mga7*
port 1234

entries since I am using non standard ssh ports. Apparently this meant
that the ForwardX11Trusted line applied to only the very last Host
entry. Moving the ForwardX11Trusted line before any of the Host lines
fixed the problem. Bug in Mageia/openssh sample ssh_config file.

Thanks to all who tried to help.

Now that you have made the fix, I am curious if there is a sshd reject message in the journal and if so, what the message was logged.

Would you get a root terminal on the rejecting node and run
journalctl | grep -i ssh
and post the message, Please.

Somehow I think you might get upset having a 200MB file posted here.

Besides there is nothing there that shows anything.

The ssh connection was not rejected. It was the forwarding that was
rejected.

But here is a sample from the time during which forwarding was not
accepted

Jul 23 12:34:44 t.s.c.a sshd[18873]: Accepted publickey for unruh from 95.xxx.xxx.xxx port 41852 ssh2: RSA SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Jul 23 12:34:44 t.s.c.a sshd[18873]: pam_unix(sshd:session): session opened for user unruh by (uid=0)

Not very helpful



--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Fri, 26 Jul 2019 16:39:27 -0000 (UTC), William Unruh wrote:

The ssh connection was not rejected. It was the forwarding that was
rejected.

Yeah, but I was hoping for any useful message about forwarding.

But here is a sample from the time during which forwarding was not
accepted

Jul 23 12:34:44 t.s.c.a sshd[18873]: Accepted publickey for unruh from

95.xxx.xxx.xxx port 41852 ssh2: RSA SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Jul 23 12:34:44 t.s.c.a sshd[18873]: pam_unix(sshd:session): session opened

for user unruh by (uid=0)

Not very helpful

I agree.

--- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)