X11 转发问题 - 身份验证错误

tag-icon tag-icon ssh x11
X11 转发问题 - 身份验证错误

我正在尝试在我的家庭服务器上通过 SSH 配置 X11 转发。

服务器正在moonraker无头配置中运行 Debian Jessie(主机名)。

我的客户端运行的是 OS X 10.10。我之前在这个客户端上使用过其他服务器上的 X11 转发,所以我不认为问题出在我的 Mac 上。

运行后我收到的确切错误消息xclock是:

X11 connection rejected because of wrong authentication.
Error: Can't open display: localhost:10.0

经过一番谷歌搜索后,我验证了以下内容:

1)$ ls -lA ~/.Xauthority

-rw------- 1 ssunder ssunder 55 Sep 21 21:53 /home/ssunder/.Xauthority

2)$ grep X11 /etc/ssh/sshd_config

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

3)我的客户~/.ssh/config包含:

ForwardX11 yes
ForwardX11Trusted yes

4)$ xauth list

moonraker/unix:10  MIT-MAGIC-COOKIE-1  d7e2e4a8c5aa4430bfcc2abb436940d2

5)sshd以调试级别 2 运行:# cat /var/log/auth.log | grep sshd | tail -n 100 | less

Sep 21 22:19:57 moonraker sshd[20089]: debug1: X11 connection requested.
Sep 21 22:19:57 moonraker sshd[20089]: debug2: fd 10 setting TCP_NODELAY
Sep 21 22:19:57 moonraker sshd[20089]: debug2: fd 10 setting O_NONBLOCK
Sep 21 22:19:57 moonraker sshd[20089]: debug1: channel 3: new [X11 connection from ::1 port 34632]
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: open confirm rwindow 2097152 rmax 16384
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: rcvd eof
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: output open -> drain
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: obuf empty
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: close_write
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: output drain -> closed
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: rcvd close
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: close_read
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: input open -> closed
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: send close
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: is dead
Sep 21 22:19:57 moonraker sshd[20089]: debug2: channel 3: garbage collecting
Sep 21 22:19:57 moonraker sshd[20089]: debug1: channel 3: free: X11 connection from ::1 port 34632, nchannels 4

知道我还应该检查什么吗?

答案1

如果您服务器上的用户有自定义.ssh/rc文件,或者您有非标准/etc/ssh/sshrc文件,则 xauth 内容将无法正确设置。

sshd手册页:

 If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
 files but before starting the user's shell or command.  It must not pro‐
 duce any output on stdout; stderr must be used instead.  If X11 forward‐
 ing is in use, it will receive the "proto cookie" pair in its standard
 input (and DISPLAY in its environment).  The script must call xauth(1)
 because sshd will not run xauth automatically to add X11 cookies.

如果您需要自定义rc文件,只需将其添加到其中,也可以从手册页中添加:

    if read proto cookie && [ -n "$DISPLAY" ]; then
            if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
                    # X11UseLocalhost=yes
                    echo add unix:`echo $DISPLAY |
                        cut -c11-` $proto $cookie
            else
                    # X11UseLocalhost=no
                    echo add $DISPLAY $proto $cookie
            fi | xauth -q -
    fi

答案2

遇到此错误消息时,首先应检查磁盘是否已满。

当磁盘已满时,SSH无法将密钥添加到.Xauthority.这会导致身份验证错误。

相关内容