[pve-devel] [PATCH v2 ha-manager] ha-simulator: add xauth dependency

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Feb 10 08:42:22 CET 2021


On 10.02.21 08:29, Thomas Lamprecht wrote:
> On 09.02.21 19:21, Dietmar Maurer wrote:
>> On 09.02.21 16:45, Aaron Lauterer wrote:
>>> When installing the ha-simulator on a PVE node to start it via ssh with
>>> x11 forwarding, the xauth package helps to avoid `Unable to init server:
>>> Could not connect: Connection refused` errors.
>>
>> This is true for anything. X11 forwarding simply works that way. So I am quite unsure if we should add xauth here...> > Or is this a common practice (I am unaware of)?
> 
> Not really, but there are not much programs which are primarily run over
> SSH forwarding I know either.
> 
> If one really wants an active warning one could do a check like:
> 
> defined($ENV{'SSH_CONNECTION'}) && !(-x /usr/bin/xauth || -x /bin/xauth)
> 
> A bit crude but could work, and could be used to print out a early warning.

After short talk with Dietmar we came to the conclusion that this is far
harder to tell and neither configuring a dependency to xauth nor checking
if it's exist at runtime really guarantees anything and is not really
a hard coded must (you can allow unauthenticated forwarding where xauth
is not required).
At least `/etc/ssh/sshd_config` must also be configured correctly.

I'd add the latter to my proposed wording in the docs patch, IMO there's
really the best place to handle this.




More information about the pve-devel mailing list