SchedMD - Slurm Support – Full Text Ticket Listing
- Home
- | New
- | Browse
- | Search
- | [?]
- | Reports
- | Help
- | New Account
- | Log In
- | Forgot Password
| Summary: | X11 forwarding fails when sshd option X11UseLocalhost is yes | ||
|---|---|---|---|
| Product: | Slurm | Reporter: | Michael Gutteridge <mrg> |
| Component: | slurmstepd | Assignee: | Tim Wickberg <tim> |
| Status: | RESOLVED DUPLICATE | QA Contact: | |
| Severity: | 4 - Minor Issue | ||
| Priority: | --- | ||
| Version: | 18.08.1 | ||
| Hardware: | Linux | ||
| OS: | Linux | ||
| Site: | FHCRC - Fred Hutchinson Cancer Research Center | Alineos Sites: | --- |
| Atos/Eviden Sites: | --- | Confidential Site: | --- |
| Coreweave sites: | --- | Cray Sites: | --- |
| DS9 clusters: | --- | HPCnow Sites: | --- |
| HPE Sites: | --- | IBM Sites: | --- |
| NOAA SIte: | --- | NoveTech Sites: | --- |
| Nvidia HWinf-CS Sites: | --- | OCF Sites: | --- |
| Recursion Pharma Sites: | --- | SFW Sites: | --- |
| SNIC sites: | --- | Linux Distro: | --- |
| Machine Name: | CLE Version: | ||
| Version Fixed: | Target Release: | --- | |
| DevPrio: | --- | Emory-Cloud Sites: | --- |
Hi Michael - This is a known limitation of the current implementation. We'll be adding additional configuration flags to help work around these issues with the xauth cookie format in a future 18.08 release. I'm closing this as a duplicate of bug 3647 which is tracking that and related X11 forwarding issues. - Tim *** This ticket has been marked as a duplicate of ticket 3647 *** |
When we try to use `--x11` with srun and the SSH server on the daemon node is configured with "X11UseLocalhost yes" we get the error: mrg@submithost:~$ srun --x11 xterm srun: error: x11_get_xauth: Could not retrieve magic cookie. Cannot use X11 forwarding. Setting "X11UseLocalhost no" resolves the issue but we'd _kind_ of like to use the more secure localhost forwarding. I've done a bit of digging and I think I've found some answers at least. Hopefully this will be useful. src/common/x11_util.c in the function x11_get_auth attempts to use the DISPLAY environment variable to look for the authentication token in the Xauthority file: 147 xauth_argv[2] = xstrdup(getenv("DISPLAY")); When configured with "X11UseLocalhost yes", the display is set to "localhost:NN", but sshd generates the authentication token using[1]: /usr/bin/xauth add unix:10.0 MIT-MAGIC-COOKIE-1 38d8abba976... which generates a token like: node1/unix:10 MIT-MAGIC-COOKIE-1 b9488c20.... which won't be located by x11_get_auth as it's looking for a token like: xauth list localhost:10.0 So that's background- for a fix... I'm not sure how to advise. I do know that you can also look up the token generated by ssh using: xauth list unix:10.0 Maybe a conditional around generating xauth_argv[2] that checks to see if the display is "localhost:NN.X" and in those cases look for a token using "unix:NN.X"? Thanks for all your work. Michael [1] https://github.com/openssh/openssh-portable/blob/f1dd179e122bdfdb7ca3072d9603607740efda05/session.c#L2599