Saturday, April 09, 2011
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
http://www.mail-archive.com/cygwin-xfree@cygwin.com/msg17927.html
Which means that ssh is going to use *trusted* X11 forwarding anyway,
because *untrusted* X11 forwarding depends on the Security (aka
XC-Security) extension, which has been disabled by default upstream.
Here's why:
Trusted X11 forwarding means that you trust the server that you wish to
ssh into is not using any keyloggers, screenshot utilities, packet
sniffers, or anything else to hijack your connection, in which case X11
will allow it to do whatever a local client would be able to do.
Untrusted X11 forwarding was meant to be a way to allow logins to
unknown or insecure systems. It generates a cookie with xauth and uses
the Security extension to limit what the remote client is allowed to do.
But this is widely considered to be not useful, because the Security
extension uses an arbitrary and limited access control policy, which
results in a lot of applications not working correctly and what is
really a false sense of security. This is true even today; I rebuilt
XWin with Security enabled and 'ssh -X' into my linux VM, and got
BadAccess errors from *any* GTK2 program. More on this subject:
http://www.openssh.com/faq.html#3.13
http://www.nsa.gov/selinuX/papers/x11/x93.html
Given the limited usefulness of untrusted X11 forwarding, *upstream* has
disabled it by default in favour of other security models, but it has
not yet been removed. So there are two options:
A) Leave things as they are now, with that warning advising people that
untrusted X11 forwarding is not available and that trusted mode is being
used instead. The warning can be silenced by using ssh -Y, since that
is what ssh -X is doing now anyway.
B) Re-enable the Security extension together with the openssh update,
and be swamped by questions that programs aren't running under ssh -X,
and have to tell everyone that ssh -X is generally broken anyway and
they should be using ssh -Y instead.
Unless someone can show me a case where something works correctly with
option (B) where it doesn't in (A), then I may reconsider, but otherwise
everyone now understands that the Security extension is not really
useful, not to be relied upon, and therefore is not available.
No comments:
Post a Comment