Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Xorg and X11 forwarding via ssh



I log in through xdm. I also add xhost +localhost in Xsetup_0 file but it
doesn't help.

*******
senecio: {8} more Xsetup_0
#!/bin/sh
# $Xorg: Xsetup_0,v 1.3 2000/08/17 19:54:17 cpqbld Exp $
xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail

xhost +localhost
******

> On Wed, Jun 18, 2008 at 11:32:36PM -0600, cngo%nmsu.edu@localhost wrote:
>> I did try to add
>>
>> > XAuthLocation /usr/pkg/bin/xauth
>> > in /etc/ssh/sshd_config and /etc/ssh/ssh_config.
>>
>> but it doesn't help.
>
> Let me guess.
>
> You start the X Server manually and don't log in through xdm or similar?
>
> In that case you do not have a X11 cookie. Please verify this with:
>
> xauth list $DISPLAY
>
> if you use xdm it should return a MIT-MAGIC-COOKIE or XDM-AUTHORIZATION
> key.
>
> When there is no such key then X11 forwarding shows a warning with e.g.:
>
> Warning: No xauth data; using fake authentication data for X11 forwarding.
>
> and when starting an X program such as xlock you get:
>
> Xlib: connection to "localhost:10.0" refused by server
> Xlib: Invalid MIT-MAGIC-COOKIE-1 key
> Error: Can't open display: localhost:10.0
>
>
> That's because the server, by default, requires the correct key.
>
> You can disable that requirement with 'xhost +localhost' or 'xhost +'
> but then you allow anyone on the client or even the whole network
> to control your X server.
>
> For some environments this might be ok, but in general, you need to
> use xdm or create a cookie manually with xauth.
>
>
> Greetings,
> --
>                                 Michael van Elst
> Internet: mlelstv%serpens.de@localhost
>                                 "A potential Snark may lurk in every
> tree."
>




Home | Main Index | Thread Index | Old Index