gnuclient X11 & openssh

Markus Friedl markus at openbsd.org
Tue Nov 30 02:04:47 EST 1999


On Sun, Nov 28, 1999 at 07:16:29PM +0100, Jan Vroonhof wrote:
> [This message has been CC'ed to the OpenSSH list in a plea to at least
>  consider supporting more advanced usages of Xauth]

You also wrote:
> I don't like a solution that forces involvement of editclient.sh.
> gnuclient should work on its own. The reason I don't like openssh
> mucking around with the xauthority stuff so much is that the cleanest
> solution would be for gnuclient to pass the cookie from its
> environment to XEmacs, however that could also be along a nonencrypted
> connection which is worse than over the file system.
>
> Does openssh at the very least copy the other cookies from the old
> authority file, so that gnuclients's own auth cookie will be found?

openssh does not _muck_ around with the xauthority stuff.
the openssh-server create a fake cookie and places this fake cookie
in /tmp/XauthXXXX. if a x11-client is started on this machine
the cookie is read from the file, the x11-request sent to the sshd,
sshd forwards the request to the ssh-client, the ssh-client replaces
the fake-cookie with the real cookie and sends the request to the
x11-server. the game with the fake-cookie is played in order to make
the cookie saved on the server short-lived. so it makes no sense copying
the long-lived cookies to the ssh-sever.

can you provide detailed information on 'how' gnuclient works?

other than this, you can overwrite the behaviour with your own
~/.ssh/environment, see sshd(8).

­markus





More information about the openssh-unix-dev mailing list