"Nadav Har'El" <[EMAIL PROTECTED]> writes:
> Anyway, if you want to ask your client to do X forwarding, simply do
> "ssh -X machine". You don't have to change any configration file.
This may be not enough. From "man ssh":
-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.
X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user’s X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY
extension restrictions by default. Please refer to the ssh -Y
option and the ForwardX11Trusted directive in ssh_config(5) for
more information.
-x Disables X11 forwarding.
-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
subjected to the X11 SECURITY extension controls.
So, if "ssh -X" does not work, try "ssh -Y". Finally, sometimes you
need to ssh to a "gateway" machine and then ssh from there to the
machine you actually want to run an X application on. For this you
need to forward the authentication agent connection, i.e., use ssh -YA
for the first ssh (to the "gateway").
--
Oleg Goldshmidt | [EMAIL PROTECTED] | http://www.goldshmidt.org
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
