Re: X-Forwarding without writeable $HOME
From: Richard E. Silverman (res_at_qoxp.net)
Date: 08/21/03
- Previous message: Richard E. Silverman: "Re: Problem when building a chrooted sftp environment"
- In reply to: Lars Rehe: "X-Forwarding without writeable $HOME"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 21 Aug 2003 12:55:15 -0400
>>>>> "LR" == Lars Rehe <lars.rehe@web.de> writes:
LR> Hi all. Maybe someone can help me with this one.
LR> We set up a Solaris9 machine with OpenSSH3.6.1p2 for our users to
LR> use it as a secure gateway to machines in our internal
LR> network. There are no user directories (NFS based) available,
LR> every user finds himself in / after successfull login.
My first thought is that, because OpenSSH maintains a number of per-user
variables in the home directory that users might want to alter, you should
give them home directories.
LR> Having $HOME set to '/' we are no longer able to use ssh
LR> X-Forwarding because xauth is not allowed to write
LR> $HOME/.Xauthority. Of course we would like to use this feature
LR> since it is much more convenient for the user instead of using
LR> 'xhost' and 'setenv DISPLAY'.
If you're using public-key authentication, you can use something like
this per user:
environment="XAUTHORITY=/tmp/user.xauth" ssh-dss AAAAB3NzaC1kc3MAAACBAMXX...
Or, you could use ~/.ssh/environment, but you probably have a single such
file for all your accounts.
Or, you could use ~/.ssh/rc to store the xauth cookie, but you'd have to
find a way to get that location into the login environment.
-- Richard Silverman res@qoxp.net
- Previous message: Richard E. Silverman: "Re: Problem when building a chrooted sftp environment"
- In reply to: Lars Rehe: "X-Forwarding without writeable $HOME"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
