ssh -Y -l user etc,etc
Glynn Clements
glynn at gclements.plus.com
Fri Feb 25 07:05:55 PST 2011
gene heskett wrote:
> > Note that if you change DISPLAY manually (via "export"), you may also
> > need to update the X authentication credentials with xauth.
> >
> I recall I did have to use xauth at one time, years ago. Unforch, no man
> pages for it are installed, and the --help output is criminally concise.
>
> If I do an 'xauth list', it only spits out one cookie, for the wap11 at
> *.*.*.100 on my local network.

Is that on "shop" or "coyote"?

"ssh -Y shop ..." (or -X) should add an xauth entry on "shop" along
the lines of:

	shop/unix:10 MIT-MAGIC-COOKIE-1 fedcba9876543210fedcba9876543210

It should do this regardless of whether coyote's X server uses
xauth-style authentication (which is typically the case when started
via a display manager such as xdm, gdm, kdm, etc) or xhost-style
authentication (which is typically the case when started directly or
via startx).

However: it *doesn't* do this if you have a ~/.ssh/rc or
/etc/ssh/sshrc script. In that case, sshd passes the authentication
data to the script's stdin, and the script has to create the xauth
entries itself. This step is non-optional if you want to use X11
forwarding; if you have an rc script and it doesn't add the xauth
data, sshd's X proxy will end up refusing the connections.

The "SSHRC" section in the sshd(8) manpage goes into more detail.

> X11UseLocalHost is
> #X11UseLocalhost yes in /etc/ssh/sshd_config
> commented out. Does changing that need a reboot?

It requires restarting sshd, either with "kill -HUP ..." or whatever
mechanism your Linux distribution uses for managing services (e.g.
something like: "/etc/init.d/sshd restart").

But I don't think that will make any difference.

--
Glynn Clements <glynn at gclements.plus.com>
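
Added example (not part of the original message): a ~/.ssh/rc that does what the reply above says an rc script must do, along the lines of the sample in the SSHRC section of sshd(8), with a check that the data on stdin looks like a protocol name and a hex cookie before it reaches xauth. The function name xauth_add_line is hypothetical; the cookie values in the comments and test are constructed.

```shell
#!/bin/sh
# ~/.ssh/rc (added example): register the X11 forwarding cookie ourselves.
# When an rc script exists, sshd writes one line "<protocol> <cookie>" to
# its stdin and sets DISPLAY to the proxy display, e.g. localhost:10.0.

# Print the xauth "add" command for a display/protocol/cookie triple.
# Returns non-zero (and prints nothing) if the input is malformed.
xauth_add_line() {
    display=$1 proto=$2 cookie=$3

    # Protocol name: letters, digits and dashes only (MIT-MAGIC-COOKIE-1).
    case $proto in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac

    # Cookie: a non-empty hex string, nothing else.
    case $cookie in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac

    case $display in
        localhost:*)
            # X11UseLocalhost yes: store the entry under the unix: name,
            # which "xauth list" shows as <hostname>/unix:<n>.
            printf 'add unix:%s %s %s\n' \
                "${display#localhost:}" "$proto" "$cookie" ;;
        *:*)
            # X11UseLocalhost no: DISPLAY already carries the host name.
            printf 'add %s %s %s\n' "$display" "$proto" "$cookie" ;;
        *)
            return 1 ;;
    esac
}

# Only act when sshd set up X11 forwarding for this session (DISPLAY set)
# and actually handed us authentication data on stdin.
if [ -n "${DISPLAY:-}" ] && read -r proto cookie; then
    xauth_add_line "$DISPLAY" "$proto" "$cookie" | xauth -q -
fi
```

After logging in with "ssh -Y", "xauth list" on the remote host should show the new entry for the forwarded display.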