[PLUG] Xauth data?

Elliott Mitchell ehem at m5p.com
Fri Apr 30 19:22:02 UTC 2004


> From: Rich Shepard <rshepard at appl-ecosys.com>
> On Fri, 30 Apr 2004, Paul Johnson wrote:
> > Do windows still appear when you try running X11 programs?  If so, who
> > cares?
> 
>   I don't know, Paul. I've not yet tried running any application in a GUI.
> About all I do remotely is process mail (pine), Usenet (slrn) and exchange
> files between my workstation and notebook. The X11 forwarding is there just
> in case I may need it some day.

Might be best to disable X-forwarding then. "-x" on the command line, or
"ForwardX11 no" in the config file. There have been a couple holes found
in XFree86, and those provide rather nasty access.


> From: Rich Shepard <rshepard at appl-ecosys.com>
> > What is happening is SSH is creating a fake cookie for connections to the
> > remote end, while at the local end host-based access is being used. This
> > is bad, but too likely to cause problems for you.

>   I presume you meant _not_ too bad. Thanks for the explanation. I will
> return to not worrying about it.

Not quite, should of been "but not too likely". Slight difference, it is
definitely still bad(tm).   :-)


> From: Jeme A Brelin <jeme at brelin.net>
> On Fri, 30 Apr 2004, Rich Shepard wrote:
> >   I don't know, Paul. I've not yet tried running any application in a
> > GUI. About all I do remotely is process mail (pine), Usenet (slrn) and
> > exchange files between my workstation and notebook. The X11 forwarding
> > is there just in case I may need it some day.
> 
> If X isn't running on the system to which you're connecting, there'd be no
> XAuth data to share with the remote host.

Incorrect. Even if a host doesn't have a local X-server or X-clients, if
it has `xauth` it can still act as a tunnel for X-clients. The XAuth data
originates on the server end, and unless explicitly configured not too
sshd will still attempt to setup X forwarding (until it discovers `xauth`
is absent at which point it will fail).


-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \   (    |         EHeM at gremlin.m5p.com PGP 8881EF59         |    )   /
  \_  \   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
    \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/






More information about the PLUG mailing list