
List:       secure-shell
Subject:    Reply: Re: X11 tuneling: a hard to fix problem
From:       Stefan Matthaeus <Stefan.Matthaeus () de ! gm ! com>
Date:       2006-04-21 5:42:20
Message-ID: OF3A8AF577.3590FB14-ONC1257157.001ED820-C1257157.001F5728 () de ! opel ! com

Hello, 

by the way, is it possible to get a full X11 / XDMCP session with 
broadcast, chooser and xfs through such an ssh tunnel? I mean a graphical 
login screen and a full desktop. If yes, how do I set that up on terminal and 
server? A weblink would be enough, if one exists; I haven't found 
anything. I am using normal XDMCP frequently, but I doubt that it has any 
security.

best regards,

Stefan 

"Mark Senior" <senatorfrog@gmail.com>
20.04.2006 18:10

To: secureshell@securityfocus.com
Cc:
Subject: Re: X11 tuneling: a hard to fix problem

No, don't use xhost +

The entire point of using ssh for X11 forwarding is that the ssh
connection comes from a local process - you don't have to accept
outside X11 connections.

xhost + is used specifically for accepting X11 connections that
_don't_ come from a local process (e.g. not over your SSH session).  If
for some reason the X11 connections are failing to be forwarded over
the SSH tunnel, xhost + will fix X11 functionally, but it will do it
by bypassing the entire SSH tunnel.

Mark


On 4/18/06, Jason Mitchell <jm@hcn.com.au> wrote:
> Hi Nader,
>
> on the host you're ssh'ing from try issuing "xhost +" prior to ssh'ing, eg:
>
> yourdesktop # xhost +
> yourdesktop # ssh -X user@remote
>
> Regards,
>
> Jason
>
> Nader Amadeu wrote:
>
> >Hi all, I've googled for more than a week trying to
> >fix this SSH X11 tunneling problem.
> >I appreciate some help and thank you in advance.
> >
> >I have a remote Solaris 9 with the following options in /etc/ssh/sshd_config:
> >X11Forwarding yes
> >X11DisplayOffset 10
> >ForwardX11Trusted yes
> >
> >Then I ssh it from my local desktop: (only most important lines here)
> >
> >[localdesktop]% ssh -vvv -XY user@remoteserver
> >OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
> >debug1: Reading configuration data /etc/ssh/ssh_config
> >debug2: ssh_connect: needpriv 0
> >debug1: Connecting to remoteserver [ip.address.here] port 22.
> >debug1: Connection established.
> >debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
> >debug1: match: OpenSSH_4.2 pat OpenSSH*
> >debug1: Enabling compatibility mode for protocol 2.0
> >debug1: Local version string SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903
> >debug2: fd 3 setting O_NONBLOCK
> >debug1: Authentication succeeded (publickey).
> >debug1: channel 0: new [client-session]
> >debug3: ssh_session2_open: channel_new: 0
> >debug2: channel 0: send open
> >debug1: Entering interactive session.
> >debug2: callback start
> >debug2: x11_get_proto: /usr/X11R6/bin/xauth  list :0.0 . 2>/dev/null
> >debug1: Requesting X11 forwarding with authentication spoofing.
> >debug2: channel 0: request x11-req confirm 0
> >debug2: client_session2_setup: id 0
> >debug2: channel 0: request pty-req confirm 0
> >debug2: channel 0: request shell confirm 0
> >debug2: fd 3 setting TCP_NODELAY
> >debug2: callback done
> >debug2: channel 0: open confirm rwindow 0 rmax 32768
> >debug2: channel 0: rcvd adjust 131072
> >
> >Now in the remoteserver:
> >
> >user@remoteserver % echo $DISPLAY
> >       DISPLAY: Undefined variable
> >user@remoteserver % netstat -a
> >       remoteserver.ssh        localdesktop.51899 66608     47 66608  0 ESTABLISHED
> >
> >Even if I setenv DISPLAY to localhost:10, 11, 12 ... it does not work.
> >And from this netstat output I cannot find the X11 tunneling channel.
> >In another attempt below I have the following different debug messages:
> >
> >
> >[localdesktop]% ssh -vvv -o "ForwardX11Trusted no" user@remoteserver
> >debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-9xszkw26hB/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
> >debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-9xszkw26hB/xauthfile list :0.0 . 2>/dev/null
> >debug1: Requesting X11 forwarding with authentication spoofing.
> >debug2: channel 0: request x11-req confirm 0
> >
> >
> >and again DISPLAY is an undefined variable.
> >Could anyone help me to get this X11 tunneling to work?
> >Thanks all very much,
> >nader
> >
> >
> >
> >
> >
>
>
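
Added example, not part of any message in this thread: a small check for the state that "xhost +" leaves behind on the local X server, which is the exposure Mark's reply warns about. The function name classify_xhost and the sample outputs are constructed for illustration; it only parses the text that xhost prints when run with no arguments.

```shell
#!/bin/sh
# classify_xhost (hypothetical helper) reads `xhost` output on stdin and prints:
#   open       - access control disabled (what `xhost +` does)
#   host-based - access control on, but whole hosts are allowed by name/address
#   restricted - only cookie (xauth) or local-user access, as ssh -X expects
classify_xhost() {
    awk '
        /^access control disabled/ { open = 1; next }
        /^access control enabled/  { next }
        /^[ \t]*$/                 { next }
        /^SI:localuser:/           { next }   # local user grant, not a network host
        /^LOCAL:/                  { next }   # local (unix socket) connections only
        { hosts++ }                           # INET:, INET6:, bare hostnames
        END {
            if (open)       print "open"
            else if (hosts) print "host-based"
            else            print "restricted"
        }'
}

# Constructed sample outputs (not captured from the machines in this thread).
SAMPLE_AFTER_PLUS='access control disabled, clients can connect from any host'
SAMPLE_DEFAULT='access control enabled, only authorized clients can connect
SI:localuser:alice'
SAMPLE_HOST='access control enabled, only authorized clients can connect
INET:remoteserver'

for sample in "$SAMPLE_AFTER_PLUS" "$SAMPLE_DEFAULT" "$SAMPLE_HOST"; do
    printf '%s\n' "$sample" | classify_xhost
done
```

On a live desktop, run `xhost | classify_xhost`; if it prints "open", `xhost -` turns access control back on, and forwarded X11 over ssh keeps working because it authenticates with the xauth cookie.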

