Re: Openssh breaks xauth
From: Neil W Rickert (rickert+nn_at_cs.niu.edu)
Date: 07/21/04
- Next message: Dimitri Maziuk: "Re: SSH/(g)awk"
- Previous message: Jim Faulkner: "Why are PasswordAuthentication and UsePAM mutually exclusive?"
- In reply to: Christoph Weber-Fahr: "Openssh breaks xauth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Jul 2004 21:05:01 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
wefa@arcor.de (Christoph Weber-Fahr) writes:
>for quite some time now I run into hassles with openssh and xauth.
>Apparently, when doing X forwarding, openssh
>- puts hostname/displayspec into the .Xauthority file
>- puts localhost/displayspec into the DISPLAY environment variable
>This means especially that you can't do any tricks in scripts with
> xauth extract - $DISPLAY | xauth -f somotherfile merge -
Sure you can. You just have to make the script a little more
complex.
>because xauth doesn't find $DISPLAY in your own .Xauthority any more.
>(for some strange reason though, the X toolkit libs do)
If $DISPLAY is "localhost:10", then lookup "hostname/unix:0" in
xauth. This should be easy enough to accomodate in your script. It
is more secure to only allow localhost access. But if you put
"localhost:10" in .Xauthority, and if your home directory is NFS
shared over multiple hosts, the information can be clobbered.
>FWIW, Ylonen ssh1 does this correctly.
You can get back the old behavior with your setting of
"X11UseLocalhost" in "sshd_config".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (SunOS)
iD8DBQFA/tp6vmGe70vHPUMRAj1hAJ0fBQq3GEi2EoAGEah8/TPE3NV9HQCg/wb5
baGpIQ9xckWPgeNc/uBBtKQ=
=R8Ep
-----END PGP SIGNATURE-----
- Next message: Dimitri Maziuk: "Re: SSH/(g)awk"
- Previous message: Jim Faulkner: "Why are PasswordAuthentication and UsePAM mutually exclusive?"
- In reply to: Christoph Weber-Fahr: "Openssh breaks xauth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
