HI all!
Strange problem that began occurring in last few weeks.
Centos 5.4, up to date. I sometimes log in remotely via ssh using "ssh -X" and read mail via mutt. Now and then I want to use balsa instead.
This has always worked (for years) though it's kinda slow... but in the last few weeks it has begun failing and spewing errors like this, repeatedly, apparently forever until I enter ^C:
$ balsa Bonobo accessibility support initialized GTK Accessibility Module initialized X11 connection rejected because of wrong authentication.
** ERROR **: Accessibility app error: exception during registry activation from id: IDL:Bonobo/GeneralError:1.0
aborting...
It happens from two different linux boxen (one running Fedora 12, the other running Centos 5.4) so I gather it's something weird on the host rather than the client.
BTW, it works fine when I'm logged in to to the host's X11 GUI directly from the machine.
I've got no clue, can any of you shed any light on this please?
Thanks in advance!
On Wed, Apr 28, 2010, fred smith wrote:
HI all!
Strange problem that began occurring in last few weeks.
Centos 5.4, up to date. I sometimes log in remotely via ssh using "ssh -X" and read mail via mutt. Now and then I want to use balsa instead.
Try ``ssh -Y'' instead of ``ssh -X'' and/or put this in your ssh_config file:
ForwardX11Trusted yes
Bill
On 4/28/2010 2:39 PM, Bill Campbell wrote:
On Wed, Apr 28, 2010, fred smith wrote:
HI all!
Strange problem that began occurring in last few weeks.
Centos 5.4, up to date. I sometimes log in remotely via ssh using "ssh -X" and read mail via mutt. Now and then I want to use balsa instead.
Try ``ssh -Y'' instead of ``ssh -X'' and/or put this in your ssh_config file:
ForwardX11Trusted yes
Does anyone know what trusted actually means in this context?
On Wed, 28 Apr 2010, Les Mikesell wrote:
ForwardX11Trusted yes
Does anyone know what trusted actually means in this context?
From the xauth(1) man page:
If the trusted option is used, clients that connect using this authorization will have full run of the display, as usual. If untrusted is used, clients that connect using this authorization will be considered untrusted and prevented from stealing or tampering with data belonging to trusted clients. See the SECURITY extension specification for full details on the restrictions imposed on untrusted clients. The default is untrusted.
Anecdotally, I've seen the mismatch symptoms most clearly when running multipane applications. I *think* the dynamic is that one pane holds keyboard/mouse focus, another pane cannot take it.
I haven't seen many folks come to the defense of the X Security Extension, so I'm unsure if there's any real risk to enabling ForwardX11Trusted anywhere you'd normally ForwardX11 anyway.
The reference document:
http://refspecs.freestandards.org/X11/security.pdf
-
Bill Campbell -
fred smith -
Les Mikesell -
Paul Heinlein