Re: What's the deal on the -X vs -Y thing?

From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 01/27/05


Date: 26 Jan 2005 23:11:24 GMT

On 2005-01-26, Dan Stromberg <strombrg@dcs.nac.uci.edu> wrote:
> On Wed, 26 Jan 2005 02:26:25 +0000, Darren Tucker wrote:
> And basically, yes, I do blame this on application developers, because
> they need to realize that the time to maintain systems should be
> -decreasing-. The microsoft world mostly gets this, as does the mac
> world.

This is drifting off-topic, but even Microsoft have realised that at some
point you have to change insecure defaults, eg the now-on-by-default
firewall and changes to DCOM RPC in XP SP2.

[...]
>> That's deep-ssh, right?
>
> Yes, mostly, though some nagios plugins enter the forumla as well.

Out of curiosity, what kind of nagios plugins would care about X
forwarding?

>> case "`ssh -V 2>&1`" in (OpenSSH_3.9*|OpenSSH_4*) ssh -Y server;; (*)
>> ssh -X server;; esac
>
> Yes, I'd very much like to do something like this, but unfortunately,
> deep-ssh cannot handle this kind of syntax in its current form.

You can cut down on shell quoting problems by feeding commands from
stdin, eg

$ cat <<EOD | ssh server /bin/sh
case "`ssh -V 2>&1`" in
    (OpenSSH_3.9*|OpenSSH_4*) ssh -Y server;;
    (*) ssh -X server;;
esac
EOD

or its equivalent in your language of choice.

You could even add cases for other ssh's (eg Tectia's X forwarding is
enabled with "+x").

B
> Yes, I recall that, and added a link to it (or was it something else
> that's pretty similar?) on my deep-ssh page.

Ah, yes, there's an example on the "connect" page which you link to.

[...]

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


Relevant Pages