Bug 23523

Summary:	sshd creates empty X11 auth cookies file when ~/.ssh/rc exists
Product:	Base System	Reporter:	peter <peter>
Component:	bin	Assignee:	freebsd-bugs (Nobody) <bugs>
Status:	Closed FIXED
Severity:	Affects Only Me
Priority:	Normal
Version:	Unspecified
Hardware:	Any
OS:	Any

Description peter 2000-12-13 16:00:00 UTC

See one line summary

Fix: 

?? Upgrade to OpenSSH 2.3.0p1?
I don't know whether this has been fixed or not, neither whether this bug is general openssh or FreeBSD specific.
How-To-Repeat: Create (empty) ~/.ssh/rc on the sshd server.
Login from a ssh client with -v -X (X11 connection forwarding).
Opening X11 clients won't work because of "different authentication" protocols, error caused by the invalid (empty) cookies file.

Comment 1 dwmalone 2000-12-13 17:56:36 UTC

On Wed, Dec 13, 2000 at 07:50:47AM -0800, peter@mutsaers.com wrote:

> Login from a ssh client with -v -X (X11 connection forwarding).
> Opening X11 clients won't work because of "different authentication" protocols, error caused by the invalid (empty) cookies file.

This is the (rather weird) documented behavior of these rc files
see sshd(8).  The xauth info is passed on stdin and then it's the
rc script's job to deal with it. We do the following in /etc/ssh/sshrc:

#!/bin/sh
PATH="/usr/X11R6/bin:$PATH"
if [ -n "$DISPLAY" ] && read proto cookie; then
	echo add $DISPLAY $proto $cookie | xauth -q -
	if [ -n "$XAUTHORITY" ] ; then
		sshauthorityfile="$XAUTHORITY"
		unset XAUTHORITY
		xauth merge "$sshauthorityfile"
	fi
fi

This writes the cookie into the xauth file in people's home
directories, which we expect for our local setup.

	David.

Comment 2 dwmalone freebsd_committer

2000-12-13 17:58:28 UTC

State Changed
From-To: open->feedback

I believe this the the documented behaviour of sshd - I'll close 
the PR shortly if this seems reasonable.

Comment 3 dwmalone freebsd_committer

2000-12-14 11:30:39 UTC

State Changed
From-To: feedback->closed

Submitter is happy that this is the documented behaviour.