From owner-freebsd-mobile Sun Jul 2 14: 0:18 2000 Delivered-To: freebsd-mobile@freebsd.org Received: from mail.networkone.net (mail.networkone.net [209.144.112.75]) by hub.freebsd.org (Postfix) with SMTP id 4887337BE52 for ; Sun, 2 Jul 2000 14:00:15 -0700 (PDT) (envelope-from reader@newsguy.com) Received: (qmail 26634 invoked from network); 2 Jul 2000 21:00:13 -0000 Received: from adsl-117-113.ln.networkone.net (HELO reader.ptw.com) (209.144.117.113) by mail.networkone.net with SMTP; 2 Jul 2000 21:00:13 -0000 Received: (from reader@localhost) by reader.ptw.com (8.9.3/8.9.3) id OAA01355; Sun, 2 Jul 2000 14:05:30 -0700 X-Authentication-Warning: reader.ptw.com: reader set sender to reader@newsguy.com using -f To: freebsd-mobile@FreeBSD.ORG Subject: Re: X-display from laptop to desk References: <20000702191902.A34291@keltia.freenix.fr> From: Harry Putnam In-Reply-To: Ollivier Robert's message of "Sun, 2 Jul 2000 19:19:02 +0200" Date: 02 Jul 2000 13:05:09 -0700 Message-ID: User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.5 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Lines: 79 Sender: owner-freebsd-mobile@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ollivier Robert writes: > According to Harry Putnam: > > Ahhh... ok so su root *before* ssh'ing that make sense. > > But you don't want to ssh as root. > > Instead of ssh-ing as root, use some utility such as calife (found in > ports/security/calife) or sudo to become root. That way, the authentication is > not a problem anymore. A private poster has had this to say on the subject (hope he doesn't mind my posting it) When you connect ssh creates a cookie file that contains a random secret that X applications use to authenticate themselves to the X server (to prevent other users on the same system hijacking your X session). An environment variable called XAUTHORITY is created with the path to this file. An environment called DISPLAY is also created which tells X clients which host and ports the X server is running on. e.g. on my system when I ssh to another host my environment will have something like the following: DISPLAY=server.domain.ac.uk:11.0 XAUTHORITY=/tmp/ssh-jsQ74750/cookies Sounds as if (posters suggestion) another good way to do this is to set those VARS in the root shell created. I'm using plain su like: $ su Using bash shell on both user and root accounts but I do *NOT* see the XAUTHORITY var. $ echo $XAUTHORITY ..... nothing from the sshed shell on remote. In fact I've done a little experimenting and find that the ENV settings hardly change. Here is what I did: ssh satellite to get shell as user reader on remote $ env >reader.env $ su # env >root.env Now run diff on the two files: diff root.env reader.env 10,11c10,11 < PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:\ /usr/local/bin:/usr/X11R6/bin:/root/bin < HOME=/root --- > PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:\ /usr/X11R6/bin > HOME=/home/reader 13c13 < PS1=`id -un`@`hostname|sed s/[.].*n//` `pwd`\nbsd # --- > PS1=`id -un`@`hostname|sed s/[.].*n//` `pwd`\nbsd > 22c22 < SHLVL=2 --- > SHLVL=1 Nothing concerning authorization of any kind. Yet after suing I call vim I get the error messges mentioned Another factor in this is that the initial xterm on the local machine is an xterm created by `ssh-agent' and `ssh-add' to add the authorization. From that shell I'm ssh'ing to remote running 4.0 snap 06/24. So still don't quite see what is happening here. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-mobile" in the body of the message