To: naddy@mips.inka.de (Christian Weisgerber)
In-reply-to: Your message of "Wed, 03 Mar 2004 02:46:33 GMT."
Date: Wed, 03 Mar 2004 14:59:51 -0800
From: "Kevin Oberman"
Message-Id: <20040303225951.6647E5D07@ptavv.es.net>
cc: freebsd-current@freebsd.org
Subject: Re: Breakage in X11 over ssh tunnel

> From: naddy@mips.inka.de (Christian Weisgerber)
> Date: Wed, 3 Mar 2004 02:46:33 +0000 (UTC)
> Sender: owner-freebsd-current@freebsd.org
>
> Kevin Oberman wrote:
>
> > In all of my systems running current that are newer than 2/26/04 I am
> > unable to run X applications over an SSH tunnel. I get a variety of
> > errors, most pretty nonsensical, when I try. The tunnels are from
> > stable systems to current systems from yesterday or today.
>
> OpenSSH's X11 forwarding now defaults to providing untrusted client
> access, which prevents the X11 clients from performing some operations.
> Alas, many X11 programs (or the toolkits they're based on, e.g. GTK1)
> rely on trusted privileges and fail if these aren't available.
>
> You can enable trusted X11 forwarding with ssh's -Y switch or the
> ForwardX11Trusted configuration option. Note that this poses a
> security risk if the host where the X11 client runs is under somebody
> else's control or has been compromised.
>
> --
> Christian "naddy" Weisgerber naddy@mips.inka.de

Christian,

Thanks for the pointer, but I can't find any reference to this in either
the documentation or in the source except that it exists in the ssh.1
file only as an entry in a list of options that may be specified. -Y is
not listed at all.

I'd love to find out exactly what this does!
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
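
Added example, not part of the original message and not OpenSSH code: because the risk described in the quoted reply depends on which remote hosts receive trusted forwarding, this Python check reports the ForwardX11Trusted value an ssh_config would apply to a given host. The sample config, hostnames and function names are constructed; the sketch assumes the default is "no" (untrusted, as the quoted reply describes), applies ssh_config's first-obtained-value rule, and does not evaluate Match blocks or Include files.

```python
import fnmatch
import re

# Constructed sample ssh_config; hostnames are placeholders, not from the thread.
SAMPLE = """\
# trusted forwarding for one workstation that needs a GTK1 program
Host build.example.org
    ForwardX11 yes
    ForwardX11Trusted yes

Host *.lab.example.org
    ForwardX11 yes
    forwardx11trusted = yes

Host *
    ForwardX11Trusted no
"""

def host_matches(patterns, host):
    """Host line matching: one positive match is needed, any negated match vetoes."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def x11_trust(text, host, default="no"):
    """Return (value, line_no) of the ForwardX11Trusted setting used for host."""
    active = True                      # options before the first Host apply to all hosts
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m or line.startswith("#"):
            continue                   # blank line, comment, or unparsable line
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False             # assumption of this sketch: Match is not evaluated
        elif key == "forwardx11trusted" and active:
            return value.lower(), no   # first obtained value wins; later blocks are ignored
    return default, None               # assumed default: untrusted forwarding
```

Because the first obtained value wins, a `ForwardX11Trusted no` under a trailing `Host *` does not override an earlier wildcard block that enables it, which is the case worth checking when the setting was added as a toolkit workaround.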