Hi,
I'm running OpenSSH-1.2.2p1 under RH Linux 6.1.
One of my machines is a laptop, and its IP address tends to change as I move
it around. I have set its kernel hostname to "vaio.linnet.org", and have the
following in /etc/hosts to ensure this name is always usable:
127.0.0.1 localhost.localdomain localhost vaio.linnet.org
Now, the problem is with X forwarding. If I ssh into this box with X
forwarding, it doesn't work - see transcript below. I have to set
"hostname <real-hostname>" (where real-hostname is whatever today's name is),
and restart sshd, before it will work.
Now, ssh appears to use the kernel hostname when deciding what address to
provide the tunneled X service on:
[brian@vaio brian]$ echo $DISPLAY
vaio.linnet.org:10.0
So, my questions are:
(1) Why doesn't this work when the hostname resolves to 127.0.0.1?
(2) Wouldn't it be better/more secure to do all the host forwarding via
127.0.0.1 anyway? (i.e. DISPLAY=127.0.0.1:10.0) In this case, sshd
wouldn't actually care what the kernel thought the hostname was.
Thanks,
Brian Candler.
[please CC me on any reply]
--------------------------------------------------------------------------
$ ssh -v -X <real-hostname>
...
debug: Requesting X11 forwarding with authentication spoofing.
...
[brian@vaio brian]$ xclock
debug: Received X11 open request.
debug: channel 0: new [X11 connection from localhost.localdomain port 1117]
debug: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug: X11 rejected 0 i1/o16
debug: channel 0: INPUT_OPEN -> INPUT_WAIT_DRAIN [read failed]
debug: channel 0: shutdown_read
debug: channel 0: OUTPUT_OPEN -> OUTPUT_WAIT_IEOF [write failed]
debug: channel 0: shutdown_write
debug: X11 rejected 0 i2/o64
debug: channel 0: INPUT_WAIT_DRAIN -> INPUT_WAIT_OCLOSE [inbuf empty, send IEOF]
debug: channel 0: OUTPUT_WAIT_IEOF -> OUTPUT_CLOSED [rvcd IEOF]
debug: channel 0: INPUT_WAIT_OCLOSE -> INPUT_CLOSED [rcvd OCLOSE]
debug: channel 0: full closed
X connection to vaio.linnet.org:10.0 broken (explicit kill or server shutdown).
[brian@vaio brian]$ xauth list
localhost.localdomain:10 MIT-MAGIC-COOKIE-1 95578613453a5bc68fc0f40d9acfe1b2
[brian@vaio brian]$ hostname
vaio.linnet.org
[brian@vaio brian]$
[P.S. It also doesn't work if I set "hostname localhost.localdomain" before
restarting sshd]
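
The transcript above shows DISPLAY set to vaio.linnet.org:10.0 while the only `xauth list` entry is keyed localhost.localdomain:10. As an added example (not part of the original post), this shell check flags that condition by comparing the names as `xauth list` prints them; the function names are hypothetical and the sample entry is constructed with a placeholder cookie. It is a text comparison only and does not reproduce how Xlib selects a cookie.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Function names are
# hypothetical; the comparison is on printed names only (an assumption).

# display_key DISPLAY
# Reduce a DISPLAY value to the host:display form that `xauth list`
# prints, i.e. drop the trailing ".screen" part ("host:10.0" -> "host:10").
display_key() {
    host=${1%:*}        # everything before the last ':'
    num=${1##*:}        # "10.0" or "10"
    printf '%s:%s\n' "$host" "${num%%.*}"
}

# cookie_listed DISPLAY XAUTH_LIST_OUTPUT
# Succeeds when some line of the xauth listing has the display key
# as its first field.
cookie_listed() {
    key=$(display_key "$1")
    printf '%s\n' "$2" |
        awk -v k="$key" '$1 == k { found = 1 } END { exit !found }'
}

# check_display DISPLAY XAUTH_LIST_OUTPUT
# Prints "match" or "mismatch" so the result is easy to log or test.
check_display() {
    if cookie_listed "$1" "$2"; then
        echo "match"
    else
        echo "mismatch"
    fi
}

# Constructed sample in the shape of the transcript's xauth entry;
# the cookie is a placeholder, not a real value.
SAMPLE_XAUTH='localhost.localdomain:10  MIT-MAGIC-COOKIE-1  00000000000000000000000000000000'

# DISPLAY as sshd set it in the transcript: no entry under that name.
check_display "vaio.linnet.org:10.0" "$SAMPLE_XAUTH"

# On a live session: check_display "$DISPLAY" "$(xauth list)"
```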