XAUTHORITY=/tmp/ssh-*/cookies makes forwarding through firewall difficult...
Richard E. Silverman
res at shore.net
Sun Dec 24 14:24:58 EST 2000
On Fri, 22 Dec 2000, Jason Lassaline wrote:
> A workaround I've found that works:
> Remote user logs into firewall. On firewall: 'cat $XAUTHORITY >>
> ~/.Xauthority'. Log into machine behind firewall, & set DISPLAY to
> firewall:X11DisplayOffset.0.
This appears to imply that your accounts on the firewall box and on the
"machine behind firewall" are sharing a home directory via NFS. It
strikes me as a rather odd arrangement. In any event, if that's so, then
you are sending your proxy display key in the clear over your private
network when you do this copy.
> Why not set the cookie to /tmp/ssh-*/cookies & append a copy to
> ~/.Xauthority? Makes the clean up on exit issue more difficult, but
> still possible.
Because the point of putting it under /tmp is to avoid the problem I just
mentioned. Just copy your proxy display key over the secure connection.
You can do this via cut-and-paste with "xauth add", or like this as a
separate command:
firewall% xauth extract - $DISPLAY | ssh other-box xauth merge -
--
Richard Silverman
slade at shore.net
More information about the openssh-unix-dev
mailing list