Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Christoph Weber-Fahr
July 21, 2004, 6:22 pm
rate this thread
for quite some time now I run into hassles with openssh and xauth.
Apparently, when doing X forwarding, openssh
- puts hostname/displayspec into the .Xauthority file
- puts localhost/displayspec into the DISPLAY environment variable
This means especially that you can't do any tricks in scripts with
xauth extract - $DISPLAY | xauth -f somotherfile merge -
because xauth doesn't find $DISPLAY in your own .Xauthority any more.
(for some strange reason though, the X toolkit libs do)
I have noticed this behaviour with more recent versions of openssh
on both FreeBSD and Solaris Machines.
FWIW, Ylonen ssh1 does this correctly.
- is this a known problem ?
- is there a good reason for that or is this just braindead ?
Re: Openssh breaks xauth
firstname.lastname@example.org (Christoph Weber-Fahr) writes:
Sure you can. You just have to make the script a little more
If $DISPLAY is "localhost:10", then lookup "hostname/unix:0" in
xauth. This should be easy enough to accomodate in your script. It
is more secure to only allow localhost access. But if you put
"localhost:10" in .Xauthority, and if your home directory is NFS
shared over multiple hosts, the information can be clobbered.
You can get back the old behavior with your setting of
"X11UseLocalhost" in "sshd_config".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (SunOS)
-----END PGP SIGNATURE-----
- » Why are PasswordAuthentication and UsePAM mutually exclusive?
- — Next thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum