OpenSSH's ssh daemon and X11 event forwarding

Jim Knoble jmknoble at pobox.com
Sat Apr 1 08:29:23 EST 2000


OpenSSH ships with X11 forwarding off in both the server and the client
by default, to conform to the security model of 'if you need it, turn
it on explicitly'.

You can turn X11 forwarding on in the server using:

  X11Forwarding yes

in /etc/ssh/sshd_config.  (Note that setting it to 'no' doesn't
necessarily improve security, since users can set up their own
forwarding.)

For the OpenSSH client, you can either start the client with 'ssh -X',
or you can put, for example:

  Host somewhere.example.com *.internal.example.com
    ForwardX11 yes

in ~/.ssh/config.

There ought to be preformatted man pages (e.g., sshd.0) included in the
OpenSSH-1.2.3 source tarball.

-- 
jim knoble
jmknoble at pobox.com

På 2000-Mar-31 klokka 17:24:01 -0500 skrivet Jonathan Eckstein:

: I just installed OpenSSH under Solaris 7.  It seems to work.  However,
: when I connect to it using a PC running F-Secure SSH, I notice that the
: DISPLAY variable is not set, as it is when I use the same PC software to
: connect to other systems supporting SSH.  How do I know whether or not
: tunneling of X windows traffic through ssh is happening or not?  Is
: there anything special you have to do to get OpenSSH's sshd to handle
: forwarding of X events?  I tried looking at the sshd man page, but it
: prints as one single, gigantic paragraph, making it a bit hard to find
: things.





More information about the openssh-unix-dev mailing list