Date: Thu, 17 Jul 2003 12:55:29 +0200 From: Erwin Lansing <erwin@lansing.dk> To: Marc Schoechlin <ms-freebsd@LF.net> Cc: freebsd-isp@freebsd.org Subject: Re: SSH && X11 && JAIL-Environment Message-ID: <20030717105529.GG87595@droso.net> In-Reply-To: <20030717104233.GA78671@LF.net> References: <20030717104233.GA78671@LF.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--BQPnanjtCNWHyqYD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Jul 17, 2003 at 12:42:33PM +0200, Marc Schoechlin wrote:
> Hi !
>=20
> I would like to use X11_Forwarding with my Jail-System.
>=20
> I activated X11-Forwarding and restarted my SSHD.
>=20
> Trying to start "xclock" provides me the following result:
> --
> ms@nox:~$ xclock
> X11 connection rejected because of wrong authentication.
> X connection to localhost:10.0 broken (explicit kill or server shutdown).
> --
>=20
> A workaround for this is possible with that:
> --
> Client : ssh <jail> -R 6000:127.0.0.1:6000
> Jail-Host : export DISPLAY=3D<jail>:0.0
> Client : xhost +127.0.0.1
> Jail-Host : xclock
> --
>=20
> How unsecure is this ?
>=20
> This is maybe pretty unsecure - are there better alternatives ?
> (Maybe also more comfortable solutions ?)
>=20
Try using "X11UseLocalhost no" in your /etc/sshd_config in the jail.
--=20
_._ _,-'""`-._
Erwin Lansing (,-.`._,'( |\`-/| erwin@lansing.dk
http://droso.org `-.-' \ )-`( , o o) erwin@FreeBSD.org
-bf- `- \`_`"'-
--BQPnanjtCNWHyqYD
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE/FoChqy9aWxUlaZARAiBaAKCDHaoo9ToY5Wq+/NHjrsj4uJsqMwCfa7E1
Ux4vd+FlkZB/sxSkYKI1do0=
=g2nF
-----END PGP SIGNATURE-----
--BQPnanjtCNWHyqYD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030717105529.GG87595>