From owner-freebsd-isp@FreeBSD.ORG Thu Jul 17 03:55:31 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 995C937B401 for ; Thu, 17 Jul 2003 03:55:31 -0700 (PDT) Received: from mail.droso.net (koala.droso.net [193.162.142.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 119FE43F93 for ; Thu, 17 Jul 2003 03:55:31 -0700 (PDT) (envelope-from erwin@mail.droso.net) Received: by mail.droso.net (Postfix, from userid 1001) id F27A432D0E; Thu, 17 Jul 2003 12:55:29 +0200 (CEST) Date: Thu, 17 Jul 2003 12:55:29 +0200 From: Erwin Lansing To: Marc Schoechlin Message-ID: <20030717105529.GG87595@droso.net> References: <20030717104233.GA78671@LF.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="BQPnanjtCNWHyqYD" Content-Disposition: inline In-Reply-To: <20030717104233.GA78671@LF.net> X-Operating-System: FreeBSD/i386 4.8-RC User-Agent: Mutt/1.5.4i cc: freebsd-isp@freebsd.org Subject: Re: SSH && X11 && JAIL-Environment X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jul 2003 10:55:31 -0000 --BQPnanjtCNWHyqYD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 17, 2003 at 12:42:33PM +0200, Marc Schoechlin wrote: > Hi ! >=20 > I would like to use X11_Forwarding with my Jail-System. >=20 > I activated X11-Forwarding and restarted my SSHD. >=20 > Trying to start "xclock" provides me the following result: > -- > ms@nox:~$ xclock > X11 connection rejected because of wrong authentication. > X connection to localhost:10.0 broken (explicit kill or server shutdown). > -- >=20 > A workaround for this is possible with that: > -- > Client : ssh -R 6000:127.0.0.1:6000 > Jail-Host : export DISPLAY=3D:0.0 > Client : xhost +127.0.0.1 > Jail-Host : xclock > -- >=20 > How unsecure is this ? >=20 > This is maybe pretty unsecure - are there better alternatives ? > (Maybe also more comfortable solutions ?) >=20 Try using "X11UseLocalhost no" in your /etc/sshd_config in the jail. --=20 _._ _,-'""`-._ Erwin Lansing (,-.`._,'( |\`-/| erwin@lansing.dk http://droso.org `-.-' \ )-`( , o o) erwin@FreeBSD.org -bf- `- \`_`"'- --BQPnanjtCNWHyqYD Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/FoChqy9aWxUlaZARAiBaAKCDHaoo9ToY5Wq+/NHjrsj4uJsqMwCfa7E1 Ux4vd+FlkZB/sxSkYKI1do0= =g2nF -----END PGP SIGNATURE----- --BQPnanjtCNWHyqYD--