2

I routinely run a bunch of experiments (perl scripts) on my lab machines. The client machine I'm currently running my experiments on runs Ubuntu 14.04.5 LTS.

These perl scripts, among other things, ssh over to other machines on the network to gather network/vmstats. These have been working fine, until a recent update (on the client side) broke something, causing the scripts to run exceptionally slowly, with the following error message generated for every ssh command in the script :

Warning: No xauth data; using fake authentication data for X11 forwarding.

When I turned on -vvv level logging on my ssh commands, they reveal the following : 

debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/bin/xauth  list unix:10.0 2>/dev/null
***[HANGS FOR 20-30 SECONDS]***
Warning: No xauth data; using fake authentication data for X11 forwarding.

I read all the SO and other forums' discussions I could find related to "interactive session slow" and the xauth warning, but none of the solutions really worked.

I also doubt any of those specific situations apply to me, mainly because I am able to get an ssh session going from the client machine to the server without any problems - it is the ssh's from the perl scripts which have the issue.

I checked the DISPLAY env variable, and it's passing it on correctly to the X11 server (here's the output): 

echo $DISPLAY
localhost:10.0

xauth is working as well. I created a toy perl script invoked from inside a shell script (to try and simulate what's happening in my lab experiments), and this runs fine with no issues. Here are my toy scripts: 

mary.sh
   #!/bin/sh
   printenv
   test.pl | & tee STDOUT-MARY
test.pl
   !/usr/bin/perl
   system "ssh -vvv <serverIP> 'cat vmstat.log' >> vmstat.mary < /dev/null\n";

Here are things I have also tried (suggestions from SO etc. discussions):

  1. Adding DISPLAY to the Acceptenv list in /etc/ssh/sshd_config
  2. Remove MOTD from /etc/pam.d/login and sshd files
  3. Remove landscape-client

I am totally clueless as to why this is happening, and how I can fix it. My lab experiments are running a lot longer than they should because of this issue. Any help on this is greatly appreciated. If you should need any more information to diagnose the issue, I am happy to provide it.

Thanks.

aspen100
  • 121
  • 1
  • 5
  • 1
    Do your scripts really need X11 forwarding enabled? – Michael Hampton Aug 24 '16 at 01:31
  • yes, I believe it is, unfortunately. That was the first thing I tried to get rid of, but it's necessary for certain parts of the script. I'm hoping not to rewrite a bunch of legacy perl code :( – aspen100 Aug 24 '16 at 03:09
  • 1
    @aspen100 Your "experiments" don't work, but the test script you made works fine? The test script doesn't do anything with X11. You should show us one of your real scripts and explain how it gets executed. – Ryan Babchishin Aug 24 '16 at 03:22

1 Answers1

0

Try using ssh -Y

ssh man page

-Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
Ryan Babchishin
  • 6,260
  • 2
  • 17
  • 37
  • Based on the information in the question this is not good advice. It would be much more sensible to disable forwarding altogether. – kasperd Aug 24 '16 at 07:18
  • @kasperd Let's be professional here, that's not polite. He was clear that he needed X11 forwarding enabled when asked. See comments on his questions: "yes, I believe it is, unfortunately. That was the first thing I tried to get rid of, but it's necessary for certain parts of the script. I'm hoping not to rewrite a bunch of legacy perl code :( – " – Ryan Babchishin Aug 24 '16 at 12:19
  • Trusted forwarding is already enabled in my config file. – aspen100 Aug 24 '16 at 15:34
  • @aspen100 Can you post one of your scripts that is not working right so we can all look at it? – Ryan Babchishin Aug 24 '16 at 15:43