Re: X11 Forwarding via Multiple Conections

Wed, 14 Mar 2001 17:29:54 -0500 

I have no problem "forwarding" X exports with OpenSSH... BUT you have to
make sure that forwarding is enabled in your /etc/ssh/ssh_config (or, I
believe, same file in .ssh in your homedir).  Thusly:

# Be paranoid by default
Host *
        ForwardAgent yes # This was set to "no" originally,
        ForwardX11 yes   # as was this.

-Ken

On Wed, 14 Mar 2001, Karl J. Runge wrote:

>
> On Wed, 14 Mar 2001, Brian Chabot <[EMAIL PROTECTED]> wrote:
> >
> > It used to work with the old Linux box (the one that was Fubar'd a
> > couple weeks ago...).  Client would ssh to the Linux box, telnet or rsh
> > to the Sun box, run the needed programs, and via X-win32 or eXceed on
> > the home box, see the app.
>
> This might be the same problem that hit my wife's similar
> (telecommuting) setup.
>
> ssh on their Linux box was upgraded from "ssh classic" to Openssh.
>
> openssh is more paranoid in its default config than ssh classic:
>
>       By default openssh will only redir ports (-R) for local
>       connections, that is to say, the redir only  LISTEN's on
>       loopback/localhost interface, not the ethernet interface(s).
>       There is a setting to override this. (GatewayPorts?)
>
>       It seems that, by default sshd puts the spoofed cookie in
>       /tmp/ssh-XXXXX/cookies rather than in ~/.Xauthority and
>       sets $XAUTHORITY accordingly. This means the cookie will
>       not be exported by NFS. I believe this can be overridden...
>       (or at worst a script copy the info to ~/.Xauthority)
>
> Both of these make the default setup safer by only allowing port redirs
> and X forwarding to work for processes on the Linux (sshd host) box
> and not for other machines on the remote lans (e.g. the Sun box you mention).
>
> This may be your problem. If you need help trying to come up with a
> workaround, I don't know exactly what to do but have some ideas.
>
>
> Karl
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
>


**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************

Reply via email to