[Gllug] automagic DISPLAYs

Alex Hudson home at alexhudson.com
Tue Sep 18 15:55:51 UTC 2001


On Tuesday 18 September 2001 16:41, you wrote:
> > Authentication problem. You could install xauth, or you could xhost + on
> > the server machine if it's not too strict. I don't think the tunnel does
> > anything particularly magic.
>
> The server (the initiator) is xhost +'d whilst testing, but that isn't
> going to help;  ssh isn't just doing port forwarding, otherwise it wouldn't
> need to mess about with the X authentication.

Well, it kind of is. It does do xauth - so, the local server (i.e. the 
forwarder) requires a cookie, which is not the same one as your X display. 
So, you have two solutions:

- get xauth working to use the local cookie (and hence not need to mess with 
DISPLAY), and it will all just work.
- roll your own xauth (file copying, etc.) and fudge DISPLAY to point at the 
actual X display, not the proxy

Does that make it clearer? 

You could possibly also compile your own sshd, which doesn't generate a 
random xauth token and instead uses a fixed one. You can then distribute this 
'secret' to all your accounts, which will mean the proxy will always accept 
local connections. I don't think it's that big a security hole tbh.

Cheers,

Alex.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
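
Added example (not part of the message above and not OpenSSH code): a shell check for the point made in the reply, that the sshd proxy display needs its own xauth cookie, separate from the real X display's. The function names, the host name myhost and the cookie values are constructed, and entries are matched on display number only, which is a simplification of how xauth matches hosts.

```shell
#!/bin/sh
# Added example. Function names, host name and cookie values are constructed.

# display_number "localhost:10.0" -> 10
display_number() {
    d=${1##*:}                  # drop host part: "10.0"
    printf '%s\n' "${d%%.*}"    # drop screen suffix: "10"
}

# cookie_for DISPLAY LISTING -> hex cookie of the first matching entry, or nothing.
# Assumption: entries are matched on display number only, not on host name.
cookie_for() {
    want=$(display_number "$1")
    printf '%s\n' "$2" | awk -v want="$want" '
        $2 == "MIT-MAGIC-COOKIE-1" {
            n = $1; sub(/.*:/, "", n); sub(/\..*/, "", n)
            if (n == want) { print $3; exit }
        }'
}

# diagnose PROXY_DISPLAY REAL_DISPLAY LISTING
#   missing: no cookie for the proxy display, so clients pointed at it are refused
#   shared:  proxy and real display carry the same secret
#   ok:      the proxy display has its own cookie
diagnose() {
    proxy=$(cookie_for "$1" "$3")
    real=$(cookie_for "$2" "$3")
    if [ -z "$proxy" ]; then echo missing
    elif [ "$proxy" = "$real" ]; then echo shared
    else echo ok
    fi
}

# Constructed `xauth list`-style listings (not captured from a real system).
REAL_ONLY='myhost/unix:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff'
WITH_PROXY="$REAL_ONLY
myhost/unix:10  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100"
SHARED="$REAL_ONLY
myhost/unix:10  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff"

for listing in "$REAL_ONLY" "$WITH_PROXY" "$SHARED"; do
    diagnose localhost:10.0 :0 "$listing"
done
```

On a live session the listing comes from xauth itself: `diagnose "$DISPLAY" :0 "$(xauth list)"`.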



