On Monday 27 November 2006 07:34, Jeff Epler wrote:
>I have never run into problems with these doing X forwarding over ssh
>with modern machines.
>
>Two differences between your setup and mine:
> * I do everything as a user, and I don't use "su"
> * I use -X, not -Y. (this is less likely to be the issue)
>
>Often, X authentication information is not available when you "su" to
>another user, because it is stored in a file in that user's home
>directory with restricted permissions.
>
>The problem might go away if you log into "shop" as gene. It's easiest
>if you log into "coyote" as gene too, but otherwise you can write
> ssh -X [EMAIL PROTECTED]
And that worked flawlessly, thanks Jeff. I was under the impression that
for recent sshd's the -X option had been deprecated, hence I was using -Y
as the manpage says (or did on FC2)..
The manpage now says:
--------------
-X Enables X11 forwarding. This can also be specified on a
per-host basis in a configuration file.
X11 forwarding should be enabled with caution. Users with
the ability to bypass file permissions on the remote host (for
the user’s X authorization database) can access the local X11
display through the forwarded connection. An attacker may
then be able to perform activities such as keystroke
monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY
extension restrictions by default. Please refer to the ssh -Y
option and the ForwardX11Trusted directive in ssh_config(5)
for more information.
-x Disables X11 forwarding.
-Y Enables trusted X11 forwarding. Trusted X11 forwardings are
not subjected to the X11 SECURITY extension controls.
---------------
Which is not exactly the wording I recall previously. OTOH, my memory
isn't always exact...
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Emc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/emc-users
