[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] ssh and X11 help



Ken Schneider wrote:
-----Original Message-----
From: Calin Duma <calind@xxxxxxxxxxxxx>
To: armins@xxxxxxx, suse-security@xxxxxxxx
Date: Sat, 01 May 2004 11:31:37 -0400
Subject: Re: [suse-security] ssh and X11 help


Thanks Armin.  I am doing it with with an ssh config file that sets the
X11 forwarding via a config file entry

The fact that the display is correctly set as I ssh though the two machines tells us that the X11 is forwarded - I am not sure why the xterm does not pop up.

Calin



Because you also need to allow remote "x" programs to display on your
screen. This can be done with xhost + and then xhost - after you are through.


Ken,

This is really bad advice, especially in a security list.

The xhost command is for allowing remote systems access to your display. If you must use it, at the very least specify the host for which you are granting access: "xhost + IP_ADDRESS". An even better way to do this is with xauth, but it is a bit more complicated. Where xhost is system based, xauth is session based.

The ssh X forwarding facility should work regardless of xhost. It uses xauth with magic-cookies. I would check to make sure xauth is in your path on both machines. If there are both stock SuSE installs, things should just work, although you might need to specify the -X option. I have has issues when connecting to various Solaris boxes.



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here