Displaying 20 results from an estimated 44 matches for "forwardx11trusted".
2016 Mar 14
2
[Bug 2552] New: ssh -X and "ForwardX11Trusted no" break most applications, distros turn on "ForwardX11Trusted yes"
https://bugzilla.mindrot.org/show_bug.cgi?id=2552
Bug ID: 2552
Summary: ssh -X and "ForwardX11Trusted no" break most
applications, distros turn on "ForwardX11Trusted yes"
Product: Portable OpenSSH
Version: 7.2p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5...
2015 Jul 05
2
ssh -X versus -Y
...tical difference I have seen is the improved performance of -Y
> over -X. I have long attributed that to the relaxation of security
> controls in the former case.
When and how did you measure that?
The -Y change was introduced in Fedora Core 3, in November 2004. The
default was changed to ForwardX11Trusted=yes just a month or two later.
I'm not sure -X and -Y ever behaved differently on Enterprise Linux or
CentOS.
At this point, I don't think it's even possible to set
ForwardX11Trusted=no any more. The X SECURITY extension was replaced
with "X Access Control Extension" s...
2015 Jul 06
1
ssh -X versus -Y
On Mon, 6 Jul 2015, Liam O'Toole wrote:
> On 2015-07-05, Gordon Messmer > <gordon.messmer at gmail.com> wrote:
>> On 07/05/2015 04:51 AM, Liam O'Toole wrote:
>>
>> At this point, I don't think it's even possible to set
>> ForwardX11Trusted=no any more. The X SECURITY extension was replaced
>> with "X Access Control Extension" several years ago.
>
> The perceived difference was a general impression on my part, and not
> measured scientifically. Moreover, it was formed years ago, and on a
> variety of Linux...
2005 Feb 28
2
[Bug 987] "man ssh" doesn't mention 'ForwardX11Trusted'
http://bugzilla.mindrot.org/show_bug.cgi?id=987
Summary: "man ssh" doesn't mention 'ForwardX11Trusted'
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: an...
2004 May 23
5
OpenSSH v3.8p1 fails to interoperate for GSSAPI (Kerberos) and X-Windows
...nssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2.
Symptoms:
1. When the client and server versions are unequal, the Kerberos ticket
is not accepted for authentication. All the clients have
PreferredAuthentications gssapi-with-mic, gssapi, others.
2. When ForwardX11 is true (ssh -X switch), ForwardX11Trusted is at its
default value (false), the client is 3.8p1, and the server is 3.5p1,
most X Window System clients work OK, but the following fail with the
indicated obscure error messages:
xmag BadDrawable (infinite loop of this error)
xwd BadWindow
xcalc (intermittent; s...
2004 Mar 09
2
ForwardX11Trusted
...takes a little while to do the key exchange, go off and do
something in another window in the meantime, and then come back when
it's finished, you may well find that the untrusted cookie's expired in
the meantime. This seems a bit excessive.
Would anyone think I was crazy for defaulting to ForwardX11Trusted in
our OpenSSH package for a while until this becomes more mature? At least
then we don't regress.
--
Colin Watson [cjwatson at flatline.org.uk]
2005 Mar 26
0
bug: X11 forwarding silently falls back to ForwardX11Trusted=yes
...p2) an check for the timestamp (6 seconds
> > delay). Do you have any idea what may causes this behaviour? Platform is
> > Solaris 5.9 Generic_117171-05.
>
> One thing that changed was the use of untrusted xauth cookies. You can
> use the previous behaviour by putting "ForwardX11Trusted yes" in
> ssh_config.
>
> The other possibility I can think of is some kind of name resolution or
> IPv6 wackiness: you can try "UseDNS no" and "AddressFamily inet" in
> sshd_config and/or start sshd with the "-4" option to test those.
I actual...
2011 Jul 26
0
ForwardX11Trusted=no and dead characters
Hi,
although i'm using X11Forwarding only in my local environment, i'd like
to avoid setting 'ForwardX11Trusted' to 'yes'.
When starting applications like 'freerdp' on the remote machine while
'ForwardX11Trusted' is _not_ set to 'yes' on the client, the characters
\ = 51 = <BKSL> backslash
| = 94 = <LSGT> pipe
won't work.
Any ideas?
Thanks,
-Mark
--...
2006 Oct 07
0
[Bug 987] "man ssh" doesn't mention 'ForwardX11Trusted'
http://bugzilla.mindrot.org/show_bug.cgi?id=987
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
------- Comment #3 from dtucker at zip.com.au 2006-10-07 11:38 -------
Change all RESOLVED bug to CLOSED with the exception
2005 May 03
5
CentOS 4 - problem with remote X application
Hello
i have a problem on CentOS 4 with starting remote x application on
remote CentOS 3 od Solaris 9 boxes.
The problem is: When I run it from CentOS 3 it's OK form CentOS 4 I
cannot find a bad word in logs ...
My local machine
stoping firewall
[root at klima-pc ~]# service iptables stop
[root at klima-pc ~]# iptables-save
[root at klima-pc ~]#
SELinux is OFF
I am connecting by ssh
2004 Mar 19
2
X forwarding and BadWindow error
Has anybody else experienced weird X11 forwarding problems such
as the one below:
andreas at teste10:~> x3270
X Error of failed request: BadWindow (invalid Window parameter)
Major opcode of failed request: 3 (X_GetWindowAttributes)
Resource id in failed request: 0x404372
Serial number of failed request: 833
Current serial number in output stream: 834
or
andreas at teste10:~>
2018 Apr 27
4
[PATCH] allow indefinite ForwardX11Timeout by setting it to 0
...dc407ed 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -683,6 +683,7 @@ X11 connections received by
after this time will be refused.
The default is to disable untrusted X11 forwarding after twenty minutes
has
elapsed.
+A timeout of zero allows untrusted X11 forwarding indefinitely.
.It Cm ForwardX11Trusted
If this option is set to
.Cm yes ,
--
2.17.0
2015 Jul 06
0
ssh -X versus -Y
...s the improved performance of
>> -Y over -X. I have long attributed that to the relaxation of security
>> controls in the former case.
>
> When and how did you measure that?
>
> The -Y change was introduced in Fedora Core 3, in November 2004. The
> default was changed to ForwardX11Trusted=yes just a month or two
> later. I'm not sure -X and -Y ever behaved differently on Enterprise
> Linux or CentOS.
>
> At this point, I don't think it's even possible to set
> ForwardX11Trusted=no any more. The X SECURITY extension was replaced
> with "X Access C...
2011 Aug 25
1
Add missing -o options in ssh(1) manual
...+++ ssh.1 25 Aug 2011 19:24:29 -0000
@@ -419,11 +419,13 @@ For full details of the options listed b
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlPersist
.It DynamicForward
.It EscapeChar
.It ExitOnForwardFailure
.It ForwardAgent
.It ForwardX11
+.It ForwardX11Timeout
.It ForwardX11Trusted
.It GatewayPorts
.It GlobalKnownHostsFile
@@ -438,6 +440,7 @@ For full details of the options listed b
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
+.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LocalCommand
2014 Jan 02
0
ForwardX11Timeout = 0 disables untrusted connections
Hi,
it seems that setting
ForwardX11Trusted = yes
ForwardX11Timeout = 0
causes untrusted connections to be refused immediately. While this
certainly makes sense this way, I believe in this case ForwardX11Timeout
= 0 might be better used for disabling the timeout entirely (the current
behaviour is the same as ForwardX11Trusted = no).
Is...
2004 Apr 05
5
[Bug 832] X forwarding crashes on some applications
http://bugzilla.mindrot.org/show_bug.cgi?id=832
Summary: X forwarding crashes on some applications
Product: Portable OpenSSH
Version: 3.8p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: ktaylor
2008 Jul 26
0
Still no joy: no X11 protocols
...ts17 5010" -e telnet bignts17 5010
> xterm Xt error: Can't open display:
And the config files, first from the server (work) machine:
> # for f in /etc/ssh/ssh*_config;do echo $f;egrep -v $'^[ \t]*(#|$)' $f ;done
> /etc/ssh/ssh_config
> Host *
> ForwardX11 no
> ForwardX11Trusted yes
> Protocol 2
> SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> SendEnv LC_IDENTIFICATION LC_ALL
> /etc/ssh/sshd_config
> Protocol 2
> PasswordAuthentication no
> UsePAM y...
2006 Feb 17
4
ssh x11 forwarding problem
I'm running into an a problem with x11 forwarding over ssh
I'm trying to run an application (rasmol - molecule viewing program)
which when using the the default setup for x11 forwarding causes the
following error:
X Error of failed request: BadAccess (attempt to access private
resource denied)
Major opcode of failed request: 132 (MIT-SHM)
Minor opcode of failed request: 1
2004 Jun 25
4
X user application fails come up but xclock and xterm come up
Hi ,
I open secure Session with X11 forwarding. when run any standard X
applicattion like xterm xclock
it come up without any error. I start my user X application it fails. On
User application side it fails when
"xtOpenDisplay" system call with localhost:10.0.
On SSH server debug message are :
> debug1: X11 connection requested.
> debug2: fd 20 setting TCP_NODELAY
>
2015 Jun 26
3
ssh -X versus -Y
On Fri, 26 Jun 2015 at 03:16 -0000, Alexandru Chiscan wrote:
> On 06/25/2015 11:51 PM, Stuart Barkley wrote:
> > Then from your desktop (assuming Linux already running X) in a
> > local xterm do something like:
> >
> > ssh -Y remote-system
>
> Do not use that because any user logged on the server can connect to
> your X server display and snoop what you