openssh X11Forwarding problem solution
Jim Knoble
jmknoble at pobox.com
Wed Mar 29 08:36:18 EST 2000
On 2000-Mar-28 at 22:58:03 +0200, Klaus Knopper wrote:
: I believe the source of the problem is the automatic setup of the
: XAUTHORITY environment variable in different distributions
: (Mandrake, RedHat, others...) during login. openssh seems to create
: its own Xauthority cookie file in /tmp rather than create an entry
: in the user's $HOME/.Xauthority (why?). After successful ssh login,
: XAUTHORITY points to /tmp/ssh-randomstring/cookies, but the
: shell's profiles (/etc/profile.d/xhost.* in Mandrake 7.0) reset
: this variable to its default location $HOME/.Xauthority (except
: for root, this is why it works in the above context). So, the
: valid X11-cookie cannot be found by X11-applications because
: XAUTHORITY points to the wrong file.

Distributions that blindly set XAUTHORITY are broken. They should
check whether it's already set first, e.g.:

    if [ -z "${XAUTHORITY}" ]; then
        XAUTHORITY="${HOME}/.Xauthority"
        export XAUTHORITY
    fi

If the system administrator were to use PAM to set XAUTHORITY to a
desired value on login, it would be silently overridden, in the same
way that sshd's XAUTHORITY is. Violates principle of least surprise.

If i recall correctly, the reasons why OpenSSH doesn't use
~/.Xauthority are:

  (1) alleviates problems with NFS-mounted home directories.

  (2) authority entries can be cleaned up properly on logout instead of
      sitting around.

Someone correct me there, please; i'm bound to be wrong.

--
jim knoble
jmknoble at pobox.com
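
Added example, not part of the original message: a POSIX sh check that sources a profile fragment in a subshell with XAUTHORITY already set (as sshd does for X11 forwarding) and reports whether the fragment overwrites it. The fragment file names, the `/home/demo` home directory and the `/tmp/ssh-constructed/cookies` path are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: writes two profile fragments, one that sets XAUTHORITY
# unconditionally and one that uses the guard suggested in the message.
make_fragments() {
    cat > "$1/blind.sh" <<'EOF'
XAUTHORITY="${HOME}/.Xauthority"
export XAUTHORITY
EOF
    cat > "$1/guarded.sh" <<'EOF'
if [ -z "${XAUTHORITY}" ]; then
    XAUTHORITY="${HOME}/.Xauthority"
    export XAUTHORITY
fi
EOF
}

# xauthority_after FRAGMENT [PRESET]
# Prints XAUTHORITY as a shell would see it after sourcing FRAGMENT,
# starting from PRESET (empty or omitted means "not set at login").
xauthority_after() {
    (
        unset XAUTHORITY
        [ -n "$2" ] && { XAUTHORITY=$2; export XAUTHORITY; }
        HOME=/home/demo            # constructed home directory
        . "$1"
        printf '%s\n' "$XAUTHORITY"
    )
}

# clobbers_xauthority FRAGMENT: exit status 0 if a preset value is lost.
clobbers_xauthority() {
    preset=/tmp/ssh-constructed/cookies   # constructed sshd-style path
    [ "$(xauthority_after "$1" "$preset")" != "$preset" ]
}

# Stand-alone run: build the constructed fragments and report on each.
demo_dir=$(mktemp -d)
make_fragments "$demo_dir"
for f in "$demo_dir"/blind.sh "$demo_dir"/guarded.sh; do
    if clobbers_xauthority "$f"; then
        echo "CLOBBERS preset XAUTHORITY: ${f##*/}"
    else
        echo "preserves preset XAUTHORITY: ${f##*/}"
    fi
done
rm -rf "$demo_dir"
```

The same `clobbers_xauthority` function can be pointed at a copy of a distribution's profile script to see whether it would discard a value set earlier by sshd or PAM.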