Re: how to enable magic cookies on W2K cygwin X11?
On Tue, 18 Feb 2003, David wrote: > I needed to add one line before the rm $AUTHFILE > cat $AUTHFILE >>.Xauthority > or the clients could not connect, with the message: > > $ xeyes > Xlib: connection to ":0.0" refused by server > Xlib: No protocol specified Of course. Missed that. > (I guess that in production > mv $AUTHFILE .Xauthority > or just start with > AUTHFILE=.Xauthority > would be better.) I'd append it to the .Xaurthority file. Someone might already have cookies for other servers stored. COOKIE=`mcookie` xauth -f $AUTHFILE add :0.0 MIT-MAGIC-COOKIE-1 $COOKIE xauth add :0.0 MIT-MAGIC-COOKIE-1 $COOKIE XWin -auth $AUTHFILE rm $AUTHFILE or COOKIE=`mcookie` xauth add :0.0 MIT-MAGIC-COOKIE-1 $COOKIE XWin -cookie $COOKIE bye ago -- [EMAIL PROTECTED] http://www.gotti.org ICQ: 126018723
Re: how to enable magic cookies on W2K cygwin X11?
Alexander wrote: > > 1. Stop the tcp listener > > > That means unix sockets must work correctly. If they do you can use the > -nolisten tcp and :0.0 display Yes the code I gave works fine (I am definitely a newbie to unix sockets - I don't even know if they are implemented by cygwin or by W2K, but thanks to someone it is working right.) > > 2. Enable the authentication cookies > > > > However I trawled the man pages about the cookies, and found the X > > startup scripts in SuSE Linux (which has cookies) to be complex enough > > that it would be a small project to convert them to cygwin. > > AUTHFILE=`mktemp /tmp/auth.XX` > COOKIE=`dd if=/dev/random count=1 | md5sum | cut -f1 -d\ ` > xauth -f $AUTHFILE add :0.0 MIT-MAGIC-COOKIE-1 $COOKIE > XWin -auth $AUTHFILE > rm $AUTHFILE This code worked right first time (thanks Igor for the mcookie reference too.) It also made the xauth man page go from opaque to almost lucid. I needed to add one line before the rm $AUTHFILE cat $AUTHFILE >>.Xauthority or the clients could not connect, with the message: $ xeyes Xlib: connection to ":0.0" refused by server Xlib: No protocol specified (I guess that in production mv $AUTHFILE .Xauthority or just start with AUTHFILE=.Xauthority would be better.) I think this fixes the openssh warning about fake cookies though I can't recall how to reproduce it. > maybe > XWin -cookie `dd if=/dev/random count=1 | md5sum | cut -f1 -d\ ` > > will work too. probably not as it seems to me (a real newbie at writing startx scripts) that the cookie needs to be available to the clients and to ssh. David
Re: how to enable magic cookies on W2K cygwin X11?
On Wed, 19 Feb 2003, Alexander Gottwald wrote: > I even don't know if /dev/random exists in cygwin. FYI, it does. Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_[EMAIL PROTECTED] ZZZzz /,`.-'`'-. ;-;;,_[EMAIL PROTECTED] |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk! -- /usr/games/fortune
Re: how to enable magic cookies on W2K cygwin X11?
Alexander Gottwald wrote: [some stuff about magic cookies] cygutils contains the mcookie program from util-linux, if that helps. (It may not; I don't know much about X) NAME mcookie - generate magic cookies for xauth SYNOPSIS mcookie [-v] [-f filename ] DESCRIPTION mcookie generates a 128-bit random hexadecimal number for use with the X authority system. Typical usage: xauth add :0 . `mcookie` --Chuck
Re: how to enable magic cookies on W2K cygwin X11?
David wrote: > I wanted to make my cygwin xfree86 server as secure as possible, and I > have the perception that the following would help. > > 1. Stop the tcp listener That means unix sockets must work correctly. If they do you can use the -nolisten tcp and :0.0 display > 2. Enable the authentication cookies > > However I trawled the man pages about the cookies, and found the X > startup scripts in SuSE Linux (which has cookies) to be complex enough > that it would be a small project to convert them to cygwin. AUTHFILE=`mktemp /tmp/auth.XX` COOKIE=`dd if=/dev/random count=1 | md5sum | cut -f1 -d\ ` xauth -f $AUTHFILE add :0.0 MIT-MAGIC-COOKIE-1 $COOKIE XWin -auth $AUTHFILE rm $AUTHFILE maybe XWin -cookie `dd if=/dev/random count=1 | md5sum | cut -f1 -d\ ` will work too. Both methods are not tested but may help as a starting point. I even don't know if /dev/random exists in cygwin. If not, /dev/windows should be fine too. bye ago NP: Blutengel - Wonderland -- [EMAIL PROTECTED] http://www.gotti.org ICQ: 126018723
how to enable magic cookies on W2K cygwin X11?
I wanted to make my cygwin xfree86 server as secure as possible, and I have the perception that the following would help. 1. Stop the tcp listener 2. Enable the authentication cookies Although I did not see it documented it seems I can successfully stop the tcp listener by modifying 1 line in my startxwin.bat as follows start XWin -nolisten tcp and adding this line below it set DISPLAY=:0.0 However I trawled the man pages about the cookies, and found the X startup scripts in SuSE Linux (which has cookies) to be complex enough that it would be a small project to convert them to cygwin. Can you suggest a howto or simpler example scripts to enforce cookies? Thanks in advance. David
