Displaying 20 results from an estimated 3000 matches similar to: "[Bug 803] Security Bug: X11 Forwarding is more powerful than it needs to be."
2001 Jul 06
1
Xauthority location: only per-user setting possible
Hello all,
$XAUTHORITY location has moved from under /tmp to ~/.Xauthority in 2.9p2.
The commit message was:
---
remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
we do already trust $HOME/.ssh
you can use .ssh/sshrc and .ssh/environment if you want to customize
the location of the xauth cookies
---
The latter is true, but can only be enabled in per-user basis as far as I
see.
2005 Feb 07
1
treat output of sshrc as environment assignment lines?
Currently, ~/.ssh/environment can set static environment variables,
and ~/.ssh/rc can run initialization routines. But there is no way
for sshrc to propagate changes to the environment to the user's shell
or command.
There is, however, a possible way to do this. If the
PermitUserEnvironment option is set, sshd could treat the stdout of
sshrc as additional assignment lines of the form
2012 Jan 13
1
SELinux and rsh+xauth
Hello,
I have a strange (for me) problem with these two machines :
- Client, a CentOS-5.7 workstation ;
- Server, a CentOS-6.2 headless, up-to-date server.
From Client, I want to use xauth on Server with the help of rsh (yes, I
know, ssh and all this sort of things... another time.)
When SELinux is in permissive mode on Server, all these commands
perform as expected :
rsh Server
1999 Nov 28
2
gnuclient X11 & openssh
The following message is a courtesy copy of an article
that has been posted to comp.emacs.xemacs as well.
[This message has been CC'ed to the OpenSSH list in a plea to at least
consider supporting more advanced usages of Xauth]
Chris Green <sprout at dok.org> writes:
> Its not configurable behavior. It always generates a new random file
> in /tmp.
Then they should probably
2000 Dec 22
1
XAUTHORITY=/tmp/ssh-*/cookies makes forwarding through firewall difficult...
Hi.
I see this XAUTHORITY=/tmp/ssh-*/cookies issue has been discussed
repeatedly, but I haven't seen a solution to the following problem.
Remote user logs into firewall. On firewall, DISPLAY var set to secure
channel, XAUTHORITY set to /tmp/ssh-*/cookies. X11 forwarding from
firewall works fine.
User logs into machine behind firewall, and sets DISPLAY var to
firewall:X11DisplayOffset.0.
2010 Feb 25
1
secure Xapps tunnel
hi,
eventually newbie:
i want to show remote X-apps on my desktop.
now, i know from google that xhost and xauth is not the way to
so that very secure.
now, i have a ssh_config with X forwarding enabled and a server with
forwarding enabled, too.
now when i connect to server i read that ssh creates automaticaly a
Xauthory file.
So i know that this is the xauth way with supercookies etc.
but i
2003 Dec 11
4
[Bug 771] Add option to override XAUTHORITY env variable
http://bugzilla.mindrot.org/show_bug.cgi?id=771
Summary: Add option to override XAUTHORITY env variable
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: UltraSparc
OS/Version: SunOS
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2004 Sep 22
2
X11 problems on AIX (OpenSSH_3.7.1p2-pwexp24)
Hi folks,
I've got a problem with X11 forwarding on an AIX 5.2 system thats stumped
me.
I've installed the same patched + compiled installp package on all our aix
boxes
but one of them won't play ball with X11
ssh -X -v -v user at host gives (grepped out X11 looking lines)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1:
2015 Aug 05
26
[Bug 2440] New: X11 connection will fail if user's home directory is read-only
https://bugzilla.mindrot.org/show_bug.cgi?id=2440
Bug ID: 2440
Summary: X11 connection will fail if user's home directory is
read-only
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: normal
Priority: P5
Component: sshd
1999 Nov 26
1
openssh & XEmacs gnuclient issue
In switching to openssh from ssh-1.2.27, I have encountered the
following problem with the way openssh handles its XAUTHORITY files
separately from ~/.Xauthority.
XEmacs has a gnuserv process that runs and allows commands to be
issued to a remote XEmacs process. The trouble is when the command is
to make a new frame ( window ) on a different X display, it fails
because the Xauth cookie is not in
2001 Jul 21
5
Failed X11 authentication does the wrong thing
Hi,
if I do the following:
ssh -X localhost
su - another_user
xterm
I get:
X connection to ming:10.0 broken (explicit kill or server shutdown).
Where what is really wanted was something like:
Xlib: connection to ":0.0" refused by server
Xlib: Client is not authorized to connect to Server
xterm Xt error: Can't open display: :0.0
'tis easy to reproduce the bug, but the debug
2011 Oct 26
4
C6: ssh X-forwarding does not work
Hi all,
I have C6 i386 with cr repo enabled;
problem is, I can't get x-forwarding to work, xorg-x11-auth rpm is
installed, have checked sshd config for
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
Here is a verbose ssh logon, I can't see any difference to a working server:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3:
2002 Dec 04
1
AIX - X displays forwarding problem with su
Hey everyone
Currently i'm using AIX 4.3.3. I've installed OpenSSH version 2.9p1 which by
the way works with the
way i've hacked it together to get X Displays working correctly.
I can ssh into the system as myself export my display back no problem.
I can ssh to a system as myself and ( su - any_userid ) and export my
display back but i had
to hack this together in order to get
2003 Dec 11
7
.Xauthority & SMB
I asked this question a while ago, but never got any response. Since
then, I've researched the problem some more, so I can give a much more
concise description of what's happening.
I'm mounting the home directories of the users upon login (using
pam_mount) from the Windows server. However, none of the users can run X
Windows. It says there's a problem with the .Xauthority file.
2001 Nov 14
5
X11 forwards and libwrap support
Hi!
Is there any reason why support for the libwrap code isn't included
in the X11 forwarding code? I'd like to restrict access to that
port.
How many applications would break if the tcp port
would be closed and only the unix-domain socket would be available?
It's true that x11 forwardings can be considered as a security
risk and they are disabled because of that by default.
I
2004 Jun 17
1
access to subdirs of share only
Hi,
I've upgraded from 2.2.8a-SuSE PDC to 3.04-SuSE. OS is Linux 2.6, SuSE 9.1
Prof.
All users can logon correctly on all W2K domain clients and obtain their
roaming profiles. Now particular W2K SP 4 domain client cannot access to
the top-level of a share, WinExplorer says "Access denied". If the client
connects to a subdir of the same share as a new drive all works fine, same
2010 Oct 30
1
qemu sdl parameters via libvirt
Hello List, I run a few VMs via libvirt using '--sdl'. I would like
to use qemu parameters -no-quit, -no-frame and -ctrl-grab with
libvirt. Does libvirt support a way to use these qemu parameters?
Does libvirt provide a way to add these options under <graphics/> in
the domain.xml using 'virsh edit domain.xml'?
My current <graphics/> is as follows:
<graphics
2015 Mar 25
1
XML vm configfile with Display using QEMU GTK interface
Hello guys,
I'm trying to start a VM using the QEMU GTK Display Interface instead of a SDL window. But I'm failing.
My actual setting is using SDL with this XML line:
<graphics type='sdl' display=':0.0' xauth='/home/ploog/.Xauthority'/>
I changed to:
<graphics type='gtk'>
But it fails to start the VM.
Any ideias?
Thanks in advance,
2002 May 07
1
X11 forwarding and LBX
So I'm working from home today, and for the first time I've tried
running Evolution over a forwarded X11 connection. Even though work has
a T1 and I have 640k at home, and ssh is compressing, it's ... rather
slow.
So I fire off lbxproxy and try to run an xterm to see if it works. No
dice, authentication denied.
Does anybody have any experience with this? Is it possible to run
2000 Feb 28
3
SSH & xauth (fwd)
YO All!
Have you guys been following the SSH discussion on Bugtraq lately?
I like their idea the X forwarding should be OFF by default on the
client.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
gem at rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
---------- Forwarded message