SSH & xauth (fwd)

[Mike Fisk]

On Fri, 3 Mar 2000, Sean Aaron Lisse wrote:

> > I have a suggestion that I think would be useful to implement.
> > People who have seen the Firewall Toolkit's X proxy will find this
> > suggestion familiar.  The fwtk provides a small proxy that users set their
> > DISPLAY to.  Whenever a new connection is initiated to that proxy, the
> > proxy pops-up a dialog box on the user's real DISPLAY.  The user must
> > agree to accept that incoming connection before the proxy will forward the
> > data from it.
> 
> My main objection to this would be that it's dependent upon the dialog-box
> program's presence.  You're tying down X forwarding to the
> presence/absence of another (perhaps machine-specific!) program in the
> system, and perhaps the compilation of SSH to the presence of X at all.
> 
>  Not a wonderful idea for a uniform text-based suite like SSH.  I'd have
> no problems at all if SSH was originally designed to be GUI with adding
> another dialog box.  Since it's not, however, I'd argue against it.

I wasn't been paying complete attention, but there have been some threads
on this list about the X programs (ssh-askpass, etc.) that prompt for
passwords.  I would assume that this dialog box would be provided the same
way that that functionality is provided (however that is or isn't
bundled).

The client could issue a text prompt in the tty, but that disrupts
whatever output is on that window (which might also be iconified and
ignored).

-- 
Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab
See http://home.lanl.gov/mfisk/ for contact information