[Gllug] automagic DISPLAYs
Alex Hudson
home at alexhudson.com
Tue Sep 18 15:55:51 UTC 2001
On Tuesday 18 September 2001 16:41, you wrote:
> > Authentication problem. You could install xauth, or you could xhost + on
> > the server machine if it's not too strict. I don't think the tunnel does
> > anything particularly magic.
>
> The server (the initiator) is xhost +'d whilst testing, but that isn't
> going to help; ssh isn't just doing port forwarding, otherwise it wouldn't
> need to mess about with the X authentication.
Well, it kind of is. It does do xauth - so, the local server (i.e. the
forwarder) requires a cookie, which is not the same one as your X display.
So, you have two solutions:
- get xauth working to use the local cookie (and hence not need to mess with
DISPLAY), and it will all just work.
- roll your own xauth (file copying, etc.) and fudge DISPLAY to point at the
actual X display, not the proxy
Does that make it clearer?
You could possibly also compile your own sshd, which doesn't generate a
random xauth token and instead uses a fixed one. You can then distribute this
'secret' to all your accounts, which will mean the proxy will always accept
local connections. I don't think it's that big a security hole tbh.
Cheers,
Alex.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list