[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    RE: which port is used when one sets DISPLAY=clienthost:0 ?
From:       "French, David" <David_French () intuit ! com>
Date:       2007-05-15 17:34:21
Message-ID: 5473E12D51727749B7CCC087E47365500429F241 () SDGEXEVS03 ! corp ! intuit ! net
[Download RAW message or body]

This is the wrong venue for this but you can do one of 2 things: 

- If you want to use user1's dot files as user2 you can set HOME=~user1.  X programs \
will look for authentication info in $HOME/.Xauthority or whatever file is defined in \
with the XAUTHORITY environment variable.  user2 will need to have read access to the \
file whether setting HOME or XAUTHORITY. 

- You can export the key and import it for the other user.
  As user1 before su:  xauth list $DISPLAY
  As user2 after su:   xauth add __cut_paste_of_last_command__
                       set DISPLAY to proper value for ssh tunnel,
                       such as setenv DISPLAY localhost:10

I would recommend going to www.openssh.com.  Under resources on the main page you can \
sign up for the OpenSSH mail lists, or search the mail list archives.

    --Dave




-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au on behalf of cadu
Sent: Tue 5/15/2007 9:11 AM
Cc: ipfilter
Subject: Re: which port is used when one sets DISPLAY=clienthost:0 ?
 
Thanks again Stuart. You are responsible of a greate improvement
of my understanding on that. Just a last question  :-)
If i SSH from user1@A to user1@B, and then `su user2`
inside B, the X forwarding is broken, even if i
setenv DISPLAY localhost:10 or wharever number.
This is the message:
   X11 connection rejected because of wrong authentication.
   X connection to localhost:10.0 broken (explicit kill or server shutdown).

Is it possible to be fixed? Like if user2 is root, i cannot
log in directy to it from SSH. All the best ...


> If it's DISPLAY=A:0 it would be a (non-encrypted,
> non-tunnelled) TCP connection to A port 6000.
> 
> Whereas DISPLAY=A:1 would be to A port 6001
> (and the X server would need to know how to
> talk to a second display, such as two monitors
> or some virtual display setup).
> 


[prev in list] [next in list] [prev in thread] [next in thread]