Magic Cookie - SSH Secure Shell

Tue Apr 21 14:27:00 GMT 2015

On 19/04/2015 22:08, Nicholas Fitzkee wrote:
> Typically, I start Xwin when I log in, and I rarely use the Cygwin terminal
> to run programs.  Instead, I use an older SSH client (SSH Secure Shell
> 3.2.9), similar to PuTTY, to use X11 apps remotely.  I don't want to see any
> xterms or menus when I start, and I need to listen for TCP connections from
> my SSH app.
>
[snip]
>
> In addition, I added the server args to my "XWin Server" shortcut.  The
> complete shortcut target now reads:
>
> D:\cygwin\bin\run.exe --quote /usr/bin/bash.exe -l -c "cd;
> /usr/bin/startxwin -- -listen tcp -multiwindow -clipboard"
>
> All seems to be well and good - when I start Cygwin Terminal and type
> "export DISPLAY=:0.0" and then xeyes, the eyes come up.  Similarly, when I
> use "export DISPLAY='localhost:0.0' and run xeyes from Cygwin Terminal, it
> also works.
>
> However, when I try logging into my remote server (X-connections are
> forwarded) using the program, I get the following error messages, and I
> can't run X11 apps remotely:
>
> --- snip ---
>
> Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.2.0-79-generic x86_64)
>
> ... blah blah ...
>
> Last login: ... blah blah ...
> Invalid MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyInvalid
> MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyxset:  unable to open
> display "localhost:16.0"
> Invalid MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyInvalid
> MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyxset:  unable to open
> display "localhost:16.0"
> Invalid MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyInvalid
> MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyxset:  unable to open
> display "localhost:16.0"
> Invalid MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyInvalid
> MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyxset:  unable to open
> display "localhost:16.0"
> Invalid MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyInvalid
> MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyxhost:  unable to open
> display "localhost:16.0"
>
> --- snip ---
>
> I have no idea how to fix this or what it means, but I think it may be
> related to the following thread (regarding PuTTY), which doesn't appear to
> have ever been resolved.
>
> https://cygwin.com/ml/cygwin-xfree/2015-02/msg00075.html
>
> I will note that I can work around this using a shortcut target of:
>
> D:\cygwin\bin\run.exe --quote /usr/bin/bash.exe -l -c "cd; Xwin -listen tcp
> -multiwindow -clipboard"
>
> However, this seems like a bit of a hack.

You are correct, this is the same issue.

The problem is that starting the server using startx or startxwin 
generates a random authentication cookie, which is passed to the server 
using the -auth option and which is required for clients to connect. 
Local cygwin X clients (including ones forwarded using cygwin's ssh 
client) will use that token automatically.

Unfortunately, at this point in time, the solutions to your problem are 
limited to

- starting XWin directly
- using cygwin ssh
- configuring your non-cygwin X client to use the correct authentication 
token (It seems to be possible to do this with PuTTY as discussed in 
that thread.  I don't know if it your ssh program has that option)

I'm not sure about how to solve this problem.   I guess it would be 
possible to make startxwin not use -auth by default, as it did 
previously, but reducing the security of the default configuration like 
that doesn't seem a good idea.

> Ultimately, I have graduate and undergraduate students who need to be able
> to quickly set up their own Windows systems to run X11 apps on my linux
> server.  These students are often not particularly tech-saavy, so I'd like
> my tutorial for them to be as simple as posslble.  As an example, you can
> see what I wrote for the old xinit at this link:
>
> http://fitzkee.chemistry.msstate.edu/sites/default/files/bootcamp/session-03
> _running-x11.pdf

I'm afraid this link doesn't work for me.

If all you are using cygwin for is the Xserver, perhaps you might find 
Xming or Vcxsrv more suitable to your needs?

-- 
Jon TURNEY
Volunteer Cygwin/X X Server maintainer

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://x.cygwin.com/docs/
FAQ:                   http://x.cygwin.com/docs/faq/