Re: ssh -Y X-forwarding?




On Tue, Jun 4, 2013 at 1:55 PM, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Tue, Jun 4, 2013 at 12:44 PM, Adam Wead <amsterdamos@xxxxxxxxx> wrote:
>> I have to use -X in conjunction with -Y, so ssh -XY remote_host
>
> No difference;
> ssh -Y user@centos_5_host 'echo $DISPLAY'
>  returns
> localhost:11.0
> ssh -XY user@centos_6_host 'echo $DISPLAY'
> returns nothing.
>
>
> /etc/ssh/sshd_config is the default, with:
> X11Forwarding yes
>
> I remember having a similar problem when the xauth program was missing
> on a box but this one has it installed.
>

I'm a little lost as to why you're using -XY; I'd expect either a -X
or a -Y option; not both.

from the man page:
     -X      Enables X11 forwarding.  This can also be specified on a per-host
             basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             user's X authorization database) can access the local X11 display
             through the forwarded connection.  An attacker may then be able
             to perform activities such as keystroke monitoring.

             For this reason, X11 forwarding is subjected to X11 SECURITY
             extension restrictions by default.  Please refer to the ssh -Y
             option and the ForwardX11Trusted directive in ssh_config(5) for
             more information.

     -x      Disables X11 forwarding.

     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not
             subjected to the X11 SECURITY extension controls.


although in trying it myself, I get:

[z@ds ~]$ ssh -X z@mote
Last login: Tue Jun  4 11:35:17 2013 from deathstar
[z@mote ~]$ echo $DISPLAY
localhost:10.0
[z@mote ~]$ logout
Connection to mote closed.
[z@ds ~]$ ssh -Y z@mote
Last login: Tue Jun  4 14:15:04 2013 from deathstar
[z@mote ~]$ echo $DISPLAY
localhost:10.0
[z@mote ~]$ logout
Connection to mote closed.
[z@ds ~]$ ssh -XY z@mote
Last login: Tue Jun  4 14:15:19 2013 from deathstar
[z@mote ~]$ echo $DISPLAY
localhost:10.0
[z@mote ~]$ cat /etc/redhat-release
CentOS release 6.4 (Final)


do you get error messages if you run xauth by hand?

[zep@mote ~]$ xauth
Using authority file /home/zep/.Xauthority
xauth> ?
Commands:
        add       exit      extract   help      info      list
        merge     nextract  nlist     nmerge    quit      remove
        source    ?         generate
xauth> list
....
xauth> info
Authority file:       /home/zep/.Xauthority
File new:             no
File locked:          no
Number of entries:    4
Changes honored:      yes
Changes made:         no
Current input:        (stdin):3

--
Even the Magic 8 ball has an opinion on email clients: Outlook not so good.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
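
The thread names two server-side prerequisites for a non-empty $DISPLAY: `X11Forwarding yes` in sshd_config and a usable xauth binary. The script below is an added example, not part of the original messages, that checks both; the function names, the PATH lookup for xauth, and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): server-side checks for an empty
# $DISPLAY after "ssh -X" or "ssh -Y".

# Print the global value of an sshd_config keyword, or DEFAULT if unset.
# Keywords are case-insensitive and the first occurrence wins; parsing
# stops at the first Match block because those settings are conditional.
# Assumption: the whitespace-separated "Keyword value" form is used.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { val = $2; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Report the two prerequisites discussed in the thread; returns non-zero
# if either would stop sshd from setting up the forwarded display.
x11_forward_report() {  # usage: x11_forward_report SSHD_CONFIG
    rc=0
    fwd=$(sshd_effective "$1" X11Forwarding no | tr 'A-Z' 'a-z')
    # Assumption: with no XAuthLocation line, look xauth up on PATH.
    xa=$(sshd_effective "$1" XAuthLocation "$(command -v xauth || echo xauth)")
    echo "X11Forwarding: $fwd"
    [ "$fwd" = yes ] || rc=1
    if [ -x "$xa" ]; then echo "xauth: $xa"
    else echo "xauth: $xa (not executable)"; rc=1; fi
    # Informational: only meaningful when run inside a forwarded session.
    echo "DISPLAY in this session: ${DISPLAY:-<empty>}"
    return $rc
}

# Constructed sample config; on a real host pass /etc/ssh/sshd_config.
# /bin/sh stands in for xauth so the sample passes on any machine.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
x11forwarding yes
X11Forwarding no
XAuthLocation /bin/sh
Match User guest
    X11Forwarding no
EOF
x11_forward_report "$sample" || echo "forwarding prerequisites not met"
rm -f "$sample"
```

Run it as root on the server so the real sshd_config is readable, and compare its output with `echo $DISPLAY` inside an `ssh -X` session.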




