[pve-devel] [PATCH v2 ha-manager] ha-simulator: add xauth dependency

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Feb 10 08:42:22 CET 2021


On 10.02.21 08:29, Thomas Lamprecht wrote:
> On 09.02.21 19:21, Dietmar Maurer wrote:
>> On 09.02.21 16:45, Aaron Lauterer wrote:
>>> When installing the ha-simulator on a PVE node to start it via ssh with
>>> x11 forwarding, the xauth package helps to avoid `Unable to init server:
>>> Could not connect: Connection refused` errors.
>>
>> This is true for anything. X11 forwarding simply works that way. So I am quite unsure if we should add xauth here...
>>
>> Or is this a common practice (I am unaware of)?
> 
> Not really, but there are not many programs which are primarily run over
> SSH forwarding I know either.
> 
> If one really wants an active warning one could do a check like:
> 
> defined($ENV{'SSH_CONNECTION'}) && !(-x '/usr/bin/xauth' || -x '/bin/xauth')
> 
> A bit crude but could work, and could be used to print out an early warning.

After a short talk with Dietmar we came to the conclusion that this is far
harder to tell, and neither configuring a dependency on xauth nor checking
if it exists at runtime really guarantees anything, and it is not really
a hard-coded must (you can allow unauthenticated forwarding where xauth
is not required).
At least `/etc/ssh/sshd_config` must also be configured correctly.

I'd add the latter to my proposed wording in the docs patch, IMO that's
really the best place to handle this.
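
The thread names three things that have to line up: an SSH session, an executable xauth, and `/etc/ssh/sshd_config`. The following shell check is an added example, not part of the original message or of ha-manager; it reports on all three plus `DISPLAY`. The function names and the `DISPLAY` test are assumptions, and only the global `X11Forwarding` keyword is read.

```shell
#!/bin/sh
# Added example, not ha-manager code; function names are hypothetical.

# Print the global X11Forwarding value from an sshd_config file. sshd keeps
# the first value it reads for a keyword, keywords are case-insensitive and
# the built-in default is "no". Match blocks and Include files are not
# evaluated here; `sshd -T` (as root) reports the effective configuration.
sshd_x11_forwarding() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                  # drop indentation, fields re-split
        /^#/ || NF == 0 { next }                # comments and blank lines
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == "x11forwarding" { val = tolower($2); exit }
        END { print (val == "" ? "no" : val) }
    ' "$1"
}

# Report what is known to be missing for X11 forwarding in this session.
# $1 SSH_CONNECTION value, $2 DISPLAY value, $3 sshd_config path, remaining
# arguments: candidate xauth paths. Returns 1 if anything was flagged.
check_x11_forwarding() {
    ssh_conn=$1; display=$2; config=$3; shift 3
    if [ -z "$ssh_conn" ]; then
        echo "ok: not an SSH session"; return 0
    fi
    rc=0; have_xauth=no
    for p in "$@"; do
        if [ -x "$p" ]; then have_xauth=yes; fi
    done
    if [ "$have_xauth" = no ]; then
        echo "warn: no executable xauth in: $*"; rc=1
    fi
    if [ -r "$config" ]; then
        if [ "$(sshd_x11_forwarding "$config")" != yes ]; then
            echo "warn: X11Forwarding is not 'yes' in $config"; rc=1
        fi
    else
        echo "note: cannot read $config"
    fi
    if [ -z "$display" ]; then
        echo "warn: DISPLAY is unset, no forwarded display in this session"; rc=1
    fi
    return $rc
}

# Live run on this host with the paths from the thread; never aborts the caller.
check_x11_forwarding "${SSH_CONNECTION:-}" "${DISPLAY:-}" \
    /etc/ssh/sshd_config /usr/bin/xauth /bin/xauth || true
```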




