Date: 02 Jul 2000 13:05:09 -0700 From: Harry Putnam <reader@newsguy.com> To: freebsd-mobile@FreeBSD.ORG Subject: Re: X-display from laptop to desk Message-ID: <m2n1k08fii.fsf@reader.ptw.com> In-Reply-To: Ollivier Robert's message of "Sun, 2 Jul 2000 19:19:02 %2B0200" References: <Pine.BSF.4.21.0007011813061.500-100000@heaven.gigo.com> <m2bt0gy1qp.fsf@reader.ptw.com> <20000702191902.A34291@keltia.freenix.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Ollivier Robert <roberto@keltia.freenix.fr> writes:
> According to Harry Putnam:
> > Ahhh... ok so su root *before* ssh'ing that make sense.
>
> But you don't want to ssh as root.
>
> Instead of ssh-ing as root, use some utility such as calife (found in
> ports/security/calife) or sudo to become root. That way, the authentication is
> not a problem anymore.
A private poster has had this to say on the subject (hope he doesn't
mind my posting it)
When you connect ssh creates a cookie file that contains a random secret
that X applications use to authenticate themselves to the X server (to
prevent other users on the same system hijacking your X session). An
environment variable called XAUTHORITY is created with the path to this
file. An environment called DISPLAY is also created which tells X clients
which host and ports the X server is running on. e.g. on my system when I
ssh to another host my environment will have something like the following:
DISPLAY=server.domain.ac.uk:11.0
XAUTHORITY=/tmp/ssh-jsQ74750/cookies
Sounds as if (posters suggestion) another good way to do this is to
set those VARS in the root shell created. I'm using plain su like:
$ su <PASSWORD> <RET> Using bash shell on both user and root accounts
but I do *NOT* see the XAUTHORITY var.
$ echo $XAUTHORITY ..... nothing from the sshed shell on remote.
In fact I've done a little experimenting and find that the ENV settings
hardly change. Here is what I did:
ssh satellite to get shell as user reader on remote <satellite>
$ env >reader.env
$ su <PASSWORD>
# env >root.env
Now run diff on the two files:
diff root.env reader.env
10,11c10,11
< PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:\
/usr/local/bin:/usr/X11R6/bin:/root/bin
< HOME=/root
---
> PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:\
/usr/X11R6/bin
> HOME=/home/reader
13c13
< PS1=`id -un`@`hostname|sed s/[.].*n//` `pwd`\nbsd #
---
> PS1=`id -un`@`hostname|sed s/[.].*n//` `pwd`\nbsd >
22c22
< SHLVL=2
---
> SHLVL=1
Nothing concerning authorization of any kind. Yet after suing I call
vim I get the error messges mentioned
Another factor in this is that the initial xterm on the local machine
is an xterm created by `ssh-agent' and `ssh-add' to add the
authorization.
From that shell I'm ssh'ing to remote running 4.0 snap 06/24.
So still don't quite see what is happening here.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-mobile" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m2n1k08fii.fsf>