From owner-freebsd-hackers@FreeBSD.ORG Mon Apr 21 02:14:19 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A90137B401 for ; Mon, 21 Apr 2003 02:14:19 -0700 (PDT) Received: from mail.droso.net (koala.droso.net [193.162.142.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A7D343F93 for ; Mon, 21 Apr 2003 02:14:18 -0700 (PDT) (envelope-from erwin@mail.droso.net) Received: by mail.droso.net (Postfix, from userid 1001) id 15D3032D17; Mon, 21 Apr 2003 11:14:17 +0200 (CEST) Date: Mon, 21 Apr 2003 11:14:16 +0200 From: Erwin Lansing To: Brian Dean Message-ID: <20030421091416.GD86753@droso.net> References: <20030420233133.GA593@neutrino.bsdhome.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="sdtB3X0nJg68CQEu" Content-Disposition: inline In-Reply-To: <20030420233133.GA593@neutrino.bsdhome.com> X-Operating-System: FreeBSD/i386 4.8-RC User-Agent: Mutt/1.5.4i cc: freebsd-hackers@freebsd.org Subject: Re: using x11 forwarding with ssh from a jail X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Apr 2003 09:14:19 -0000 --sdtB3X0nJg68CQEu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Apr 20, 2003 at 07:31:33PM -0400, Brian Dean wrote: > Hi, Howdy, >=20 > Is anyone having problems connecting to their X server from inside a > jail using ssh's X11 forwarding? >=20 > >From my non-jail environment, I ssh into my jail environment with X11 > forwarding enabled. When I try to invoke an X application, I get: >=20 > % xclock > X11 connection rejected because of wrong authentication. > X connection to localhost:11.0 broken (explicit kill or server shutdown= ). >=20 > It works fine if I uset 'xhost +' in my non-jail environment and the > point my display appropriately from inside the jail (bypassing ssh x11 > forwarding). Any ideas why X11 forwarding doesn't seem to do the > right thing? >=20 This has probably something to do with the mapping of localhost to the external ip address of the jail. Try setting: X11UseLocalhost no in /etc/ssh/sshd_config in your jail should fix this. Cheers, -erwin --=20 _._ _,-'""`-._ Erwin Lansing (,-.`._,'( |\`-/| http://droso.org/ erwin@lansing.dk `-.-' \ )-`( , o o) http://fnidder.dk/ -bf- `- \`_`"'- --sdtB3X0nJg68CQEu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+o7Zoqy9aWxUlaZARApnrAKD5K2U9XhZbshMWp79RljStAd4W4wCg50P7 4pRX64tOs2MPz0ejjtH84tg= =GACu -----END PGP SIGNATURE----- --sdtB3X0nJg68CQEu--