Date: Thu, 10 May 2018 21:25:10 +0200 From: Christoph Moench-Tegeder <cmt@burggraben.net> To: freebsd-x11@freebsd.org Subject: Re: ssh -X remote does not work due to problem with xauth Message-ID: <20180510192510.GA38033@elch.exwg.net> In-Reply-To: <20180510182928.GA3747@c720-r314251> References: <20180510182928.GA3747@c720-r314251>
next in thread | previous in thread | raw e-mail | index | archive | help
## Matthias Apitz (guru@unixarea.de): > I'm facing a problem with running from FreeBSD 'ssh -X remote host'. The > remotre server is a recent SLES Linux system. This thread started in > freebsd-questions@ and I now move it to here as it seems more a problem > of the Xorg server than a ssh problem of the base system. As the ssh manpage tells us, X11 forwarding with "-X" is subject to the X11 SECURITY extension controls. For the whole X11 SECURITY stuff, the doc entry point is https://www.x.org/wiki/Development/Documentation/Security/ , but in a hash - "... SECURITY, which provides support for a simple trusted/untrusted connection model. Untrusted clients are restricted...". What you want in most cases is a "trusted" connection, which you'll get by using "ssh -Y" (or by using ForwardX11Trusted in ssh config). Once you know about the SECURITY extension, this is entirely expected... Use xdpyinfo to find out about active X11 extensions: on my systems, the FreeBSD system with fairly minimal X11 configuration does not have SECURITY active (so using "ssh -X" from Linux to FreeBSD works out fine), but the Linux (Debian) system with a similarily minimal xorg.conf has SECURITY enabled: I need "ssh -Y" from FreeBSD to Linux. I haven't yet checked what causes these differing defaults. Regards, Christoph -- Spare Space
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180510192510.GA38033>