From nobody@FreeBSD.org  Wed Dec 13 07:50:48 2000
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id EF38A37B402
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 13 Dec 2000 07:50:47 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id eBDFolu98121;
	Wed, 13 Dec 2000 07:50:47 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200012131550.eBDFolu98121@freefall.freebsd.org>
Date: Wed, 13 Dec 2000 07:50:47 -0800 (PST)
From: peter@mutsaers.com
Sender: nobody@FreeBSD.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: sshd creates empty X11 auth cookies file when ~/.ssh/rc exists
X-Send-Pr-Version: www-1.0

>Number:         23523
>Category:       bin
>Synopsis:       sshd creates empty X11 auth cookies file when ~/.ssh/rc exists
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 13 08:00:00 PST 2000
>Closed-Date:    Thu Dec 14 03:30:39 PST 2000
>Last-Modified:  Thu Dec 14 03:31:33 PST 2000
>Originator:     peter@mutsaers.com
>Release:        4.2-stable
>Organization:
>Environment:
FreeBSD muon.mutsaers.com 4.2-STABLE FreeBSD 4.2-STABLE #1: Sat Dec  2 09:52:07 CET 2000     plm@muon.mutsaers.com:/usr/src/sys/compile/MUON  i386
>Description:
See one line summary
>How-To-Repeat:
Create (empty) ~/.ssh/rc on the sshd server.
Login from a ssh client with -v -X (X11 connection forwarding).
Opening X11 clients won't work because of "different authentication" protocols, error caused by the invalid (empty) cookies file.
>Fix:
?? Upgrade to OpenSSH 2.3.0p1?
I don't know whether this has been fixed or not, neither whether this bug is general openssh or FreeBSD specific.


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: dwmalone 
State-Changed-When: Wed Dec 13 09:58:28 PST 2000 
State-Changed-Why:  
I believe this the the documented behaviour of sshd - I'll close 
the PR shortly if this seems reasonable. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=23523 

From: David Malone <dwmalone@maths.tcd.ie>
To: peter@mutsaers.com
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/23523: sshd creates empty X11 auth cookies file when ~/.ssh/rc exists
Date: Wed, 13 Dec 2000 17:56:36 +0000

 On Wed, Dec 13, 2000 at 07:50:47AM -0800, peter@mutsaers.com wrote:
 
 > Login from a ssh client with -v -X (X11 connection forwarding).
 > Opening X11 clients won't work because of "different authentication" protocols, error caused by the invalid (empty) cookies file.
 
 This is the (rather weird) documented behavior of these rc files
 see sshd(8).  The xauth info is passed on stdin and then it's the
 rc script's job to deal with it. We do the following in /etc/ssh/sshrc:
 
 #!/bin/sh
 PATH="/usr/X11R6/bin:$PATH"
 if [ -n "$DISPLAY" ] && read proto cookie; then
 	echo add $DISPLAY $proto $cookie | xauth -q -
 	if [ -n "$XAUTHORITY" ] ; then
 		sshauthorityfile="$XAUTHORITY"
 		unset XAUTHORITY
 		xauth merge "$sshauthorityfile"
 	fi
 fi
 
 This writes the cookie into the xauth file in people's home
 directories, which we expect for our local setup.
 
 	David.
 
State-Changed-From-To: feedback->closed 
State-Changed-By: dwmalone 
State-Changed-When: Thu Dec 14 03:30:39 PST 2000 
State-Changed-Why:  
Submitter is happy that this is the documented behaviour. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=23523 
>Unformatted:
