When we try to use `--x11` with srun and the SSH server on the daemon node is configured with "X11UseLocalhost yes" we get the error:
mrg@submithost:~$ srun --x11 xterm
srun: error: x11_get_xauth: Could not retrieve magic
cookie. Cannot use X11 forwarding.
Setting "X11UseLocalhost no" resolves the issue but we'd _kind_ of like to use the more secure localhost forwarding. I've done a bit of digging and I think I've found some answers at least. Hopefully this will be useful.
src/common/x11_util.c in the function x11_get_auth attempts to use the DISPLAY environment variable to look for the authentication token in the Xauthority file:
147 xauth_argv = xstrdup(getenv("DISPLAY"));
When configured with "X11UseLocalhost yes", the display is set to "localhost:NN", but sshd generates the authentication token using:
/usr/bin/xauth add unix:10.0 MIT-MAGIC-COOKIE-1 38d8abba976...
which generates a token like:
node1/unix:10 MIT-MAGIC-COOKIE-1 b9488c20....
which won't be located by x11_get_auth as it's looking for a token like:
xauth list localhost:10.0
So that's background- for a fix... I'm not sure how to advise. I do know that you can also look up the token generated by ssh using:
xauth list unix:10.0
Maybe a conditional around generating xauth_argv that checks to see if the display is "localhost:NN.X" and in those cases look for a token using "unix:NN.X"?
Thanks for all your work.
Hi Michael -
This is a known limitation of the current implementation. We'll be adding additional configuration flags to help work around these issues with the xauth cookie format in a future 18.08 release.
I'm closing this as a duplicate of bug 3647 which is tracking that and related X11 forwarding issues.
*** This bug has been marked as a duplicate of bug 3647 ***