Re: X11 forwarding setup correctly?

From: Shing-Fat Fred Ma (fma@doe.carleton.ca)
Date: 11/23/02


From: Shing-Fat Fred Ma <fma@doe.carleton.ca>
Date: 23 Nov 2002 22:59:10 GMT

Darren Tucker wrote:

>In article <3DDF36B6.1000802@doe.carleton.ca>,
>Shing-Fat Fred Ma <fma@doe.carleton.ca> wrote:
>
>
>> Host *
>> ForwardX11 yes
>>
>>But that didn't help. I checked our
>>/opt/ssh/etc/ssh[d]_config (there are
>>no such files in /etc/ or /etc/ssh/).
>>They *do* disable X11 forwarding, but
>>those lines are commented out.
>>
>>
>
>The default for ForwardX11 is "no". You need to actually put "ForwardX11
>yes" into sshd_config to enable it.
>
>The other thing to check is that you have xauth and sshd knows where to
>find it (with XAuthLocation if necessary).
>

Hi, Darren,

I combed over man pages for xauth, X,
and Xsecurity, as well as looking in an
X intro book. All I can say is that I'm
not going to get up to speed on X
authorization in the near future, though I can
certainly mouth buzzwords.

I did put

    Host *
       ForwardX11 yes
       XAuthLocation /usr/bin/X11/xauth

in my config, but it didn't help. (I made
sure the xauth path existed).

I just want to be sure of something here,
because it seems counterintuitive.

The "ForwardX11 no" is commented out
in the system-wide ssh_config. Similarly,
"X11Forwarding no" is commented out
in the system-wide ssh_config.

Despite that, the default is still "no" unless
there is an explicit yes in those files? And
this implied default is not overridden by my
own explicit "yes" in ~/.ssh/config?

If that's the case, I will ask my sys admin
if he can change them to "yes". There
doesn't seem to be any point in ssh'ing
to a machine, then have the xterms
unencrypted.

On another note, my home directory
resides on a server machine. But I don't
believe there is any security between the
file server and the machine on which I'm
working. Am I right in concluding that
within the LAN, the security is quite
low, despite the use of ssh?

Thanks in advance.

Fred

-- 
Fred Ma, fma@doe.carleton.ca
Carleton University, Dept. of Electronics
1125 Colonel By Drive, Ottawa, Ontario
Canada, K1S 5B6
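
The question about defaults, worked through as an added example that is not part of the original thread. It assumes OpenSSH semantics (the first obtained value wins, and both ForwardX11 and X11Forwarding default to "no"); the function names are hypothetical, the sample files are constructed from the description in the post, and negated Host patterns and Match blocks are not handled.

```python
import fnmatch
import re

DEFAULT = "no"  # OpenSSH default for ForwardX11 (client) and X11Forwarding (server)

# Constructed sample files modelled on the post: the system-wide files only
# carry commented-out "no" lines, the user's file sets an explicit "yes".
USER_SSH_CONFIG = "Host *\n   ForwardX11 yes\n   XAuthLocation /usr/bin/X11/xauth\n"
SYSTEM_SSH_CONFIG = "# Host *\n#   ForwardX11 no\n"
SYSTEM_SSHD_CONFIG = "#X11Forwarding no\n"

def directives(text):
    """Yield (keyword, value) pairs, skipping blank lines and '#' comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([^\s=]+)\s*=?\s*(.*)", line)
        if m and m.group(2):
            yield m.group(1).lower(), m.group(2).strip()

def client_value(keyword, host, *configs):
    """Client side: configs in precedence order (user, then system); first value wins."""
    for text in configs:
        applies = True  # lines before the first Host block apply to every host
        for key, value in directives(text):
            if key == "host":
                applies = any(fnmatch.fnmatchcase(host, p) for p in value.split())
            elif applies and key == keyword.lower():
                return value.lower()
    return DEFAULT

def server_value(keyword, sshd_config):
    """Server side: first global value wins; Match blocks are not evaluated here."""
    for key, value in directives(sshd_config):
        if key == "match":
            break
        if key == keyword.lower():
            return value.lower()
    return DEFAULT

def x11_forwarded(host, user_cfg, system_cfg, sshd_cfg):
    """Forwarding happens only if the client asks for it AND the server allows it."""
    return (client_value("ForwardX11", host, user_cfg, system_cfg) == "yes"
            and server_value("X11Forwarding", sshd_cfg) == "yes")

if __name__ == "__main__":
    print(x11_forwarded("remotehost", USER_SSH_CONFIG, SYSTEM_SSH_CONFIG, SYSTEM_SSHD_CONFIG))
    print(x11_forwarded("remotehost", USER_SSH_CONFIG, SYSTEM_SSH_CONFIG, "X11Forwarding yes\n"))
```

With the constructed files the client resolves to "yes" but the server stays at its default "no", so nothing is forwarded until the server file carries an explicit "X11Forwarding yes".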