From: Oliver Fromme
To: freebsd-questions@FreeBSD.ORG, roberto.nunnari@supsi.ch, nvass@teledomenet.gr
Date: Fri, 22 Aug 2008 13:00:28 +0200 (CEST)
Subject: Re: X11 tunnel over ssh and then rsh

Roberto Nunnari wrote:
> Wait! I found a possible workaround..
> it seems that setting
> X11UseLocalhost = no
> on sshd_config tells sshd to bind the X11 forwarding server
> to the wildcard address..

You will still have to forward the X11 authentication to
the client machine with xauth(1) or xhost(1), I think.
Using xhost(1) is much easier, but it's insecure.
On the other hand you're using rsh and a public network
socket to connect to, so everything you do is insecure
anyway. I hope you're going to make your users aware
of that.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"If Java had true garbage collection, most programs
would delete themselves upon execution."
        -- Robert Sewell
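An added example, not part of the original message: a small Python check that reads sshd_config text and flags the combination discussed in the thread, X11 forwarding enabled together with `X11UseLocalhost no`. The function names and sample configurations are constructed for illustration, and only global settings are evaluated; `Match` blocks are not resolved.

```python
import re

# OpenSSH defaults for the two keywords this check cares about.
DEFAULTS = {"x11forwarding": "no", "x11uselocalhost": "yes"}

def global_settings(config_text):
    """Effective global values; sshd uses the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, args = m.group(1).lower(), m.group(2).split()
        if key == "match":
            break  # everything after Match is conditional, not global
        if args:
            seen.setdefault(key, args[0].strip('"'))
    return {k: seen.get(k, d).lower() for k, d in DEFAULTS.items()}

def audit_x11(config_text):
    """Return findings for a wildcard-bound X11 forwarding listener."""
    s = global_settings(config_text)
    findings = []
    if s["x11forwarding"] == "yes" and s["x11uselocalhost"] == "no":
        findings.append("X11UseLocalhost no: forwarded X11 display listens on "
                        "the wildcard address instead of loopback")
    return findings

# Constructed sample: the later 'yes' is ignored because the first value wins.
SAMPLE_EXPOSED = """\
X11Forwarding yes
X11UseLocalhost = no
X11UseLocalhost yes
"""

# Constructed sample: the override sits in a Match block, so it is not global.
SAMPLE_DEFAULT = """\
X11Forwarding yes
Match User demo
    X11UseLocalhost no
"""

if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("default", SAMPLE_DEFAULT)):
        print(name, audit_x11(text) or "no finding")
```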