Re: X-Forwarding without writeable $HOME


    LR> Hi all.  Maybe someone can help me with this one.

    LR> We set up a Solaris9 machine with OpenSSH3.6.1p2 for our users to
    LR> use it as a secure gateway to machines in our internal
    LR> network. There are no user directories (NFS based) available,
    LR> every user finds himself in / after successful login.

My first thought is that, because OpenSSH maintains a number of per-user
variables in the home directory that users might want to alter, you should
give them home directories.

    LR> Having $HOME set to '/' we are no longer able to use ssh
    LR> X-Forwarding because xauth is not allowed to write
    LR> $HOME/.Xauthority. Of course we would like to use this feature
    LR> since it is much more convenient for the user instead of using
    LR> 'xhost' and 'setenv DISPLAY'.

If you're using public-key authentication, you can use something like
this per user:

environment="XAUTHORITY=/tmp/user.xauth" ssh-dss AAAAB3NzaC1kc3MAAACBAMXX...

Or, you could use ~/.ssh/environment, but you probably have a single such
file for all your accounts.

Or, you could use ~/.ssh/rc to store the xauth cookie, but you'd have to
find a way to get that location into the login environment.

  Richard Silverman
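
The rc approach mentioned above, written out as an added example (not part of the original post or of OpenSSH): sshd hands the rc script the "proto cookie" pair on stdin with DISPLAY set, and the script stores it in a file both sides can derive from the user name. Assumptions: a POSIX shell, the hypothetical location /tmp/xauth-<user>/Xauthority, hypothetical function names, and XAUTHORITY set to that same file in the login environment (for instance with the environment= key option, which sshd only honors when PermitUserEnvironment is enabled).

```shell
#!/bin/sh
# Added example: sshrc-style helper for accounts whose $HOME is not writable.
# All paths and function names here are hypothetical.

# Per-user directory for the cookie file; base dir is overridable for testing.
xauth_dir() {
    printf '%s/xauth-%s\n' "${XAUTH_BASE:-/tmp}" "$1"
}

# Create the directory with mode 0700, or accept an existing one only if it is
# a real directory (not a symlink) owned by the current user. A predictable
# name in a world-writable directory must never be trusted without this check.
ensure_private_dir() {
    d=$1
    if (umask 077 && mkdir "$d") 2>/dev/null; then
        return 0
    fi
    [ -d "$d" ] && [ ! -L "$d" ] && [ -O "$d" ] && chmod 700 "$d"
}

# Build the "xauth add" line from DISPLAY and the "proto cookie" pair.
# With X11UseLocalhost=yes the display is localhost:N and the entry is
# stored as unix:N; otherwise the display name is used unchanged.
xauth_add_line() {
    display=$1 proto=$2 cookie=$3
    case $display in
        localhost:*) printf 'add unix:%s %s %s\n' "${display#localhost:}" "$proto" "$cookie" ;;
        *)           printf 'add %s %s %s\n' "$display" "$proto" "$cookie" ;;
    esac
}

# Entry point for the rc script: sshd supplies "proto cookie" on stdin and
# DISPLAY in the environment when X11 forwarding is active.
store_cookie() {
    user=$1
    [ -n "$DISPLAY" ] || return 0
    read -r proto cookie || return 0
    dir=$(xauth_dir "$user")
    ensure_private_dir "$dir" || { echo "unsafe $dir" >&2; return 1; }
    xauth_add_line "$DISPLAY" "$proto" "$cookie" | xauth -q -f "$dir/Xauthority" -
}

# In a real rc file the last line would be:  store_cookie "$USER"
```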
