search for: forwardx11trust

https://bugzilla.mindrot.org/show_bug.cgi?id=2552 Bug ID: 2552 Summary: ssh -X and "ForwardX11Trusted no" break most applications, distros turn on "ForwardX11Trusted yes" Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5...

...tical difference I have seen is the improved performance of -Y > over -X. I have long attributed that to the relaxation of security > controls in the former case. When and how did you measure that? The -Y change was introduced in Fedora Core 3, in November 2004. The default was changed to ForwardX11Trusted=yes just a month or two later. I'm not sure -X and -Y ever behaved differently on Enterprise Linux or CentOS. At this point, I don't think it's even possible to set ForwardX11Trusted=no any more. The X SECURITY extension was replaced with "X Access Control Extension"...

On Mon, 6 Jul 2015, Liam O'Toole wrote: > On 2015-07-05, Gordon Messmer > <gordon.messmer at gmail.com> wrote: >> On 07/05/2015 04:51 AM, Liam O'Toole wrote: >> >> At this point, I don't think it's even possible to set >> ForwardX11Trusted=no any more. The X SECURITY extension was replaced >> with "X Access Control Extension" several years ago. > > The perceived difference was a general impression on my part, and not > measured scientifically. Moreover, it was formed years ago, and on a > variety of Lin...

http://bugzilla.mindrot.org/show_bug.cgi?id=987 Summary: "man ssh" doesn't mention 'ForwardX11Trusted' Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy:...

...nssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2. Symptoms: 1. When the client and server versions are unequal, the Kerberos ticket is not accepted for authentication. All the clients have PreferredAuthentications gssapi-with-mic, gssapi, others. 2. When ForwardX11 is true (ssh -X switch), ForwardX11Trusted is at its default value (false), the client is 3.8p1, and the server is 3.5p1, most X Window System clients work OK, but the following fail with the indicated obscure error messages: xmag BadDrawable (infinite loop of this error) xwd BadWindow xcalc (intermittent;...

...takes a little while to do the key exchange, go off and do something in another window in the meantime, and then come back when it's finished, you may well find that the untrusted cookie's expired in the meantime. This seems a bit excessive. Would anyone think I was crazy for defaulting to ForwardX11Trusted in our OpenSSH package for a while until this becomes more mature? At least then we don't regress. -- Colin Watson [cjwatson at flatline.org.uk]

...p2) an check for the timestamp (6 seconds > > delay). Do you have any idea what may causes this behaviour? Platform is > > Solaris 5.9 Generic_117171-05. > > One thing that changed was the use of untrusted xauth cookies. You can > use the previous behaviour by putting "ForwardX11Trusted yes" in > ssh_config. > > The other possibility I can think of is some kind of name resolution or > IPv6 wackiness: you can try "UseDNS no" and "AddressFamily inet" in > sshd_config and/or start sshd with the "-4" option to test those. I actu...

Hi, although i'm using X11Forwarding only in my local environment, i'd like to avoid setting 'ForwardX11Trusted' to 'yes'. When starting applications like 'freerdp' on the remote machine while 'ForwardX11Trusted' is _not_ set to 'yes' on the client, the characters \ = 51 = <BKSL> backslash | = 94 = <LSGT> pipe won't work. Any ideas? Thanks, -Mark...

http://bugzilla.mindrot.org/show_bug.cgi?id=987 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #3 from dtucker at zip.com.au 2006-10-07 11:38 ------- Change all RESOLVED bug to CLOSED with the exception

Hello i have a problem on CentOS 4 with starting remote x application on remote CentOS 3 od Solaris 9 boxes. The problem is: When I run it from CentOS 3 it's OK form CentOS 4 I cannot find a bad word in logs ... My local machine stoping firewall [root at klima-pc ~]# service iptables stop [root at klima-pc ~]# iptables-save [root at klima-pc ~]# SELinux is OFF I am connecting by ssh

Has anybody else experienced weird X11 forwarding problems such as the one below: andreas at teste10:~> x3270 X Error of failed request: BadWindow (invalid Window parameter) Major opcode of failed request: 3 (X_GetWindowAttributes) Resource id in failed request: 0x404372 Serial number of failed request: 833 Current serial number in output stream: 834 or andreas at teste10:~>

...dc407ed 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -683,6 +683,7 @@ X11 connections received by after this time will be refused. The default is to disable untrusted X11 forwarding after twenty minutes has elapsed. +A timeout of zero allows untrusted X11 forwarding indefinitely. .It Cm ForwardX11Trusted If this option is set to .Cm yes , -- 2.17.0

...s the improved performance of >> -Y over -X. I have long attributed that to the relaxation of security >> controls in the former case. > > When and how did you measure that? > > The -Y change was introduced in Fedora Core 3, in November 2004. The > default was changed to ForwardX11Trusted=yes just a month or two > later. I'm not sure -X and -Y ever behaved differently on Enterprise > Linux or CentOS. > > At this point, I don't think it's even possible to set > ForwardX11Trusted=no any more. The X SECURITY extension was replaced > with "X Access...

...+++ ssh.1 25 Aug 2011 19:24:29 -0000 @@ -419,11 +419,13 @@ For full details of the options listed b .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It DynamicForward .It EscapeChar .It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 +.It ForwardX11Timeout .It ForwardX11Trusted .It GatewayPorts .It GlobalKnownHostsFile @@ -438,6 +440,7 @@ For full details of the options listed b .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LocalCommand

Hi, it seems that setting ForwardX11Trusted = yes ForwardX11Timeout = 0 causes untrusted connections to be refused immediately. While this certainly makes sense this way, I believe in this case ForwardX11Timeout = 0 might be better used for disabling the timeout entirely (the current behaviour is the same as ForwardX11Trusted = no). I...

http://bugzilla.mindrot.org/show_bug.cgi?id=832 Summary: X forwarding crashes on some applications Product: Portable OpenSSH Version: 3.8p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: ktaylor

...ts17 5010" -e telnet bignts17 5010 > xterm Xt error: Can't open display: And the config files, first from the server (work) machine: > # for f in /etc/ssh/ssh*_config;do echo $f;egrep -v $'^[ \t]*(#|$)' $f ;done > /etc/ssh/ssh_config > Host * > ForwardX11 no > ForwardX11Trusted yes > Protocol 2 > SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES > SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT > SendEnv LC_IDENTIFICATION LC_ALL > /etc/ssh/sshd_config > Protocol 2 > PasswordAuthentication no > UsePAM...

I'm running into an a problem with x11 forwarding over ssh I'm trying to run an application (rasmol - molecule viewing program) which when using the the default setup for x11 forwarding causes the following error: X Error of failed request: BadAccess (attempt to access private resource denied) Major opcode of failed request: 132 (MIT-SHM) Minor opcode of failed request: 1

Hi , I open secure Session with X11 forwarding. when run any standard X applicattion like xterm xclock it come up without any error. I start my user X application it fails. On User application side it fails when "xtOpenDisplay" system call with localhost:10.0. On SSH server debug message are : > debug1: X11 connection requested. > debug2: fd 20 setting TCP_NODELAY >

On Fri, 26 Jun 2015 at 03:16 -0000, Alexandru Chiscan wrote: > On 06/25/2015 11:51 PM, Stuart Barkley wrote: > > Then from your desktop (assuming Linux already running X) in a > > local xterm do something like: > > > > ssh -Y remote-system > > Do not use that because any user logged on the server can connect to > your X server display and snoop what you