From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Dietmar Maurer <dietmar@proxmox.com>,
Aaron Lauterer <a.lauterer@proxmox.com>
Subject: Re: [pve-devel] [PATCH v2 ha-manager] ha-simulator: add xauth dependency
Date: Wed, 10 Feb 2021 08:42:22 +0100 [thread overview]
Message-ID: <c0f0c614-ba85-83da-c310-c04127f79815@proxmox.com> (raw)
In-Reply-To: <a677eed3-cef0-eb7c-28ef-eed486c352a7@proxmox.com>
On 10.02.21 08:29, Thomas Lamprecht wrote:
> On 09.02.21 19:21, Dietmar Maurer wrote:
>> On 09.02.21 16:45, Aaron Lauterer wrote:
>>> When installing the ha-simulator on a PVE node to start it via ssh with
>>> x11 forwarding, the xauth package helps to avoid `Unable to init server:
>>> Could not connect: Connection refused` errors.
>>
>> This is true for anything. X11 forwarding simply works that way. So I am quite unsure if we should add xauth here...> > Or is this a common practice (I am unaware of)?
>
> Not really, but there are not much programs which are primarily run over
> SSH forwarding I know either.
>
> If one really wants an active warning one could do a check like:
>
> defined($ENV{'SSH_CONNECTION'}) && !(-x /usr/bin/xauth || -x /bin/xauth)
>
> A bit crude but could work, and could be used to print out a early warning.
After short talk with Dietmar we came to the conclusion that this is far
harder to tell and neither configuring a dependency to xauth nor checking
if it's exist at runtime really guarantees anything and is not really
a hard coded must (you can allow unauthenticated forwarding where xauth
is not required).
At least `/etc/ssh/sshd_config` must also be configured correctly.
I'd add the latter to my proposed wording in the docs patch, IMO there's
really the best place to handle this.
prev parent reply other threads:[~2021-02-10 7:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-09 15:45 Aaron Lauterer
2021-02-09 15:45 ` [pve-devel] [PATCH v2 docs] ha-manager: simulator: add note for xauth when installing Aaron Lauterer
2021-02-10 7:19 ` Thomas Lamprecht
2021-02-09 18:21 ` [pve-devel] [PATCH v2 ha-manager] ha-simulator: add xauth dependency Dietmar Maurer
2021-02-10 7:29 ` Thomas Lamprecht
2021-02-10 7:42 ` Thomas Lamprecht [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c0f0c614-ba85-83da-c310-c04127f79815@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=a.lauterer@proxmox.com \
--cc=dietmar@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox