On Wed, 14 Mar 2001, "Karl J. Runge" <[EMAIL PROTECTED]> wrote:
>
> This might be the same problem that hit my wife's similar
> (telecommuting) setup.
>
> ssh on their Linux box was upgraded from "ssh classic" to Openssh.
> openssh is more paranoid in its default config than ssh classic:
I did a little experimenting to try to fix my wife's X display when she
is telecommuting into an OpenSSH sshd daemon. I think I got it.
There is a nice trick (see sshd(1)) to pass the spoofed MIT X cookie to
a script of yours on the remote machine. It is passed by sshd as stdin
to ~/.ssh/rc if that file exists.
So in ~/.ssh/rc on the REMOTE machine (i.e. the one we ssh *into*) I put:
#!/bin/sh
PATH=/usr/bin/X11:/usr/X11R6/bin:$PATH
if read proto cookie; then
echo "add $DISPLAY $proto $cookie" | xauth -f $HOME/.Xauthority -q -
if [ "$XAUTHORITY" != "" -a "$XAUTHORITY" != "$HOME/.Xauthority" ]; then
echo "add $DISPLAY $proto $cookie" | xauth -f $XAUTHORITY -q -
fi
fi
This reads the protocol and cookie from stdin, and then uses xauth to
add the cookie to ~/.Xauthority.
This allows her to then telnet/rsh into other machines in her work LAN,
set DISPLAY, and fire up X applications (usually more xterm's).
The inner "if" is a kludge I did to also add the cookie to the
authority file in /tmp/ssh-XXXXXX/cookies (what $XAUTHORITY is set to)
as well. Seems like a bug in OpenSSH sshd that $XAUTHORITY is left
empty if ~/.ssh/rc is used ... maybe I should report it as a bug???
(If there is an easier way to do these, please let me know)
HTH,
Karl
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
