bug#5434: 23.1; Emacsclient fails with Rejected Authentication Over SSH

[Jan Djärv]

Joel J. Adamson skrev:

> Okay, I'll try that, but a quick question: should an xauth problem result
> in failures for every X application I try to run?  Other applications
> (other than emacsclient) run just fine.
>
> As Dan suggested, I ran ssh -v, and this is what I got:

This is strange, there should be a lines like this:
debug1: Requesting X11 forwarding with authentication spoofing.

Anyway, one source for this problem is that the shell that runs emacs -daemon
has set XAUTHORITY in the environment to point to some other file.
That environment variable isn't set when you ssh in, so xauth writes to
~/.Xauthority

If this is the case, when you ssh in you must do:
% XAUTHORITY=... (the value it has in the emacs -daemon shell).
% export XAUTHORITY
% xauth remove unix:10
% xauth merge ~/.Xauthority

It might happen that you don't have unix:10, look at your $DISPLAY and replace
localhost with unix in the xauth remove line.  10 is where sshd starts, but if
several ssh sessions to the same host are ongoing, they will have different
DISPLAY:s.

        Jan D.


> ,----
> | ezra: ~ > ssh -v joel@hostname
> | OpenSSH_5.2p1, OpenSSL 1.0.0-fips-beta4 10 Nov 2009
> | debug1: Reading configuration data /etc/ssh/ssh_config
> | debug1: Applying options for *
> | debug1: Connecting to 'name removed' port 22.
> | debug1: Connection established.
> | debug1: identity file /home/joel/.ssh/identity type -1
> | debug1: identity file /home/joel/.ssh/id_rsa type 1
> | debug1: identity file /home/joel/.ssh/id_dsa type -1
> | debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
> | debug1: match: OpenSSH_5.2 pat OpenSSH*
> | debug1: Enabling compatibility mode for protocol 2.0
> | debug1: Local version string SSH-2.0-OpenSSH_5.2
> | debug1: SSH2_MSG_KEXINIT sent
> | debug1: SSH2_MSG_KEXINIT received
> | debug1: kex: server->client aes128-ctr hmac-md5 none
> | debug1: kex: client->server aes128-ctr hmac-md5 none
> | debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> | debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> | debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> | debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> | debug1: Host '<name removed>' is known and matches the RSA host key.
> | debug1: Found key in /home/joel/.ssh/known_hosts:2
> | debug1: ssh_rsa_verify: signature correct
> | debug1: SSH2_MSG_NEWKEYS sent
> | debug1: expecting SSH2_MSG_NEWKEYS
> | debug1: SSH2_MSG_NEWKEYS received
> | debug1: SSH2_MSG_SERVICE_REQUEST sent
> | debug1: SSH2_MSG_SERVICE_ACCEPT received
> | debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> | debug1: Next authentication method: gssapi-with-mic
> | debug1: Unspecified GSS failure.  Minor code may provide more information
> | Credentials cache file '/tmp/krb5cc_500' not found
> | 
> | debug1: Unspecified GSS failure.  Minor code may provide more information
> | Credentials cache file '/tmp/krb5cc_500' not found
> | 
> | debug1: Unspecified GSS failure.  Minor code may provide more information
> | 
> | 
> | debug1: Next authentication method: publickey
> | debug1: Offering public key: /home/joel/.ssh/id_rsa
> | debug1: Server accepts key: pkalg ssh-rsa blen 277
> | debug1: Authentication succeeded (publickey).
> | debug1: channel 0: new [client-session]
> | debug1: Requesting no-more-sessions@openssh.com
> | debug1: Entering interactive session.
> | debug1: Sending environment.
> | debug1: Sending env XMODIFIERS = @im=none
> | debug1: Sending env LANG = en_US.UTF-8
> `----
>
> Thanks,
>
> Joel