From owner-freebsd-isp@FreeBSD.ORG Thu Jul 17 03:42:47 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8BCB37B401 for ; Thu, 17 Jul 2003 03:42:47 -0700 (PDT) Received: from bart.LF.net (bart.LF.net [212.9.190.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1436A43F75 for ; Thu, 17 Jul 2003 03:42:47 -0700 (PDT) (envelope-from ms@bart.LF.net) Received: from ms by bart.LF.net with local (Exim 4.10) id 19d6DZ-000KUM-00 for freebsd-isp@freebsd.org; Do, 17 Jul 2003 12:42:33 +0200 Date: Thu, 17 Jul 2003 12:42:33 +0200 From: Marc Schoechlin To: freebsd-isp@freebsd.org Message-ID: <20030717104233.GA78671@LF.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i X-Ticket-Action: x X-Ticket-Nr: x Sender: Marc Schoechlin Subject: SSH && X11 && JAIL-Environment X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jul 2003 10:42:48 -0000 Hi ! I would like to use X11_Forwarding with my Jail-System. I activated X11-Forwarding and restarted my SSHD. Trying to start "xclock" provides me the following result: -- ms@nox:~$ xclock X11 connection rejected because of wrong authentication. X connection to localhost:10.0 broken (explicit kill or server shutdown). -- A workaround for this is possible with that: -- Client : ssh -R 6000:127.0.0.1:6000 Jail-Host : export DISPLAY=:0.0 Client : xhost +127.0.0.1 Jail-Host : xclock -- How unsecure is this ? This is maybe pretty unsecure - are there better alternatives ? (Maybe also more comfortable solutions ?) Best regards Marc Schoechlin -- Gruss / Best regards | LF.net GmbH | fon +49 711 90074-413 Marc Schoechlin | Ruppmannstr. 27 | fax +49 711 90074-33 ms@LF.net | D-70565 Stuttgart | http://www.lf.net