Re: DISPLAY not set inside jails after update to 10.3-PRERELEASE FreeBSD 10.3-PRERELEASE #4 r297043

2016-03-19 Thread Marius Strobl
On Sun, Mar 20, 2016 at 07:47:58AM +0800, Erich Dollansky wrote:
> Hi,
> 
> On Sat, 19 Mar 2016 08:23:09 -0600
> Ian Lepore wrote:
> 
> > On Sat, 2016-03-19 at 13:48 +0800, Erich Dollansky wrote:
> > > 
> > > nothing else was changed on the machine except the update. I could
> > > use
> > > 
> > > ssh 192.168.12.12
> > > 
> > > to connect to a jail running under that IP address before the update
> > > without problems.
> > > 
> > > It works now only with
> > > 
> > > ssh -Y 192.168.12.12
> > > 
> > > The /etc/ssh/ssh_config file says:
> > > 
> > > Host *
> > > ForwardX11 yes
> > > 
> > > So, it should allow to connect to all machines providing ssh and
> > > forward X11.
> > > 
> > > What did I miss?
> > 
> > If -Y works, the ssh config file option that corresponds to that is
> > ForwardX11Trusted.  ForwardX11 corresponds to -X.  (Not sure what
> > changed, just throwing out the one little crumb of info I've got.)
> > 
> I got this as an off-list reply:
> 
> Could this be related to FreeBSD-SA-16:14.openssh?

Not FreeBSD-SA-16:14.openssh and CVE-2016-3115 respectively, but
most likely the changes for CVE-2016-1908 which came in as part
of the upgrade to OpenSSH 7.2p2, i.e. (among others):
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
The xorg-server port is built with the X11 SECURITY extension
disabled. I can only suspect that the intent is to use a nested
X server such as Xephyr for securely running applications instead.
Actually, I'm surprised that such a fallback to trusted forwarding
existed. I believe it wasn't present back when ForwardX11Trusted
was introduced, essentially already causing the trouble you're now
hitting.

Marius
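
Added example (not part of the thread, and not OpenSSH or FreeBSD code): a small diagnostic that combines the effective client settings from `ssh -G <host>` with the local X server's extension list from `xdpyinfo` to predict which forwarding mode a plain `ssh <host>` will get. The function names and the verdict labels are hypothetical, and the "refused" outcome assumes the post-CVE-2016-1908 behaviour described in the reply above (no fallback to trusted forwarding when the X server lacks the SECURITY extension).

```sh
#!/bin/sh
# Added example: predict the X11 forwarding outcome for an OpenSSH client.
# Function names and verdict labels are hypothetical, not from the thread.

# ssh_opt FILE KEY -> value of a lowercase `ssh -G` keyword ("no" if absent)
ssh_opt() {
    awk -v k="$2" '$1 == k && !seen { v = $2; seen = 1 } END { print (seen ? v : "no") }' "$1"
}

# has_security FILE -> status 0 if the xdpyinfo dump lists the SECURITY extension
has_security() {
    grep -Eq '^[[:space:]]*SECURITY[[:space:]]*$' "$1"
}

# x11_verdict SSH_G_FILE XDPYINFO_FILE -> off | trusted | untrusted | refused
# "refused": untrusted forwarding requested, but no SECURITY extension and
# (assumed, per the thread) no fallback to trusted, so DISPLAY stays unset.
x11_verdict() {
    fwd=$(ssh_opt "$1" forwardx11)
    trusted=$(ssh_opt "$1" forwardx11trusted)
    if [ "$fwd" != yes ]; then
        echo "off"
    elif [ "$trusted" = yes ]; then
        echo "trusted"
    elif has_security "$2"; then
        echo "untrusted"
    else
        echo "refused"
    fi
}

t=$(mktemp -d) || exit 1
if [ "$#" -eq 1 ]; then
    # Live use: sh script.sh <host>  (ssh -G needs OpenSSH 6.8 or later)
    ssh -G "$1" > "$t/ssh"
    xdpyinfo > "$t/x" 2>/dev/null
else
    # Constructed sample: ForwardX11 yes only, X server without SECURITY
    printf 'forwardx11 yes\nforwardx11trusted no\n' > "$t/ssh"
    printf 'number of extensions:    2\n    BIG-REQUESTS\n    XTEST\n' > "$t/x"
fi
x11_verdict "$t/ssh" "$t/x"
rm -rf "$t"
```

A `refused` verdict matches the symptom reported in this thread. If trusted forwarding is the chosen fix, putting `ForwardX11Trusted yes` under a `Host` block for the specific jail rather than `Host *` limits which remote hosts get full access to the local display.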





Re: DISPLAY not set inside jails after update to 10.3-PRERELEASE FreeBSD 10.3-PRERELEASE #4 r297043

2016-03-19 Thread Erich Dollansky
Hi,

On Sat, 19 Mar 2016 08:23:09 -0600
Ian Lepore wrote:

> On Sat, 2016-03-19 at 13:48 +0800, Erich Dollansky wrote:
> > 
> > nothing else was changed on the machine except the update. I could
> > use
> > 
> > ssh 192.168.12.12
> > 
> > to connect to a jail running under that IP address before the update
> > without problems.
> > 
> > It works now only with
> > 
> > ssh -Y 192.168.12.12
> > 
> > The /etc/ssh/ssh_config file says:
> > 
> > Host *
> > ForwardX11 yes
> > 
> > So, it should allow to connect to all machines providing ssh and
> > forward X11.
> > 
> > What did I miss?
> 
> If -Y works, the ssh config file option that corresponds to that is
> ForwardX11Trusted.  ForwardX11 corresponds to -X.  (Not sure what
> changed, just throwing out the one little crumb of info I've got.)
> 
I got this as an off-list reply:

Could this be related to FreeBSD-SA-16:14.openssh?

Erich
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


Re: DISPLAY not set inside jails after update to 10.3-PRERELEASE FreeBSD 10.3-PRERELEASE #4 r297043

2016-03-19 Thread Ian Lepore
On Sat, 2016-03-19 at 13:48 +0800, Erich Dollansky wrote:
> Hi,
> 
> nothing else was changed on the machine except the update. I could
> use
> 
> ssh 192.168.12.12
> 
> to connect to a jail running under that IP address before the update
> without problems.
> 
> It works now only with
> 
> ssh -Y 192.168.12.12
> 
> The /etc/ssh/ssh_config file says:
> 
> Host *
> ForwardX11 yes
> 
> So, it should allow to connect to all machines providing ssh and
> forward X11.
> 
> What did I miss?
> 
> Erich

If -Y works, the ssh config file option that corresponds to that is
ForwardX11Trusted.  ForwardX11 corresponds to -X.  (Not sure what
changed, just throwing out the one little crumb of info I've got.)

-- Ian



DISPLAY not set inside jails after update to 10.3-PRERELEASE FreeBSD 10.3-PRERELEASE #4 r297043

2016-03-19 Thread Erich Dollansky
Hi,

nothing else was changed on the machine except the update. I could use

ssh 192.168.12.12

to connect to a jail running under that IP address before the update
without problems.

It works now only with

ssh -Y 192.168.12.12

The /etc/ssh/ssh_config file says:

Host *
ForwardX11 yes

So, it should allow to connect to all machines providing ssh and
forward X11.

What did I miss?

Erich