X11 display issues
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Thu Feb 22 07:41:06 EST 2001
On Wed, Feb 21, 2001 at 07:46:39PM +0100, Andy Polyakov wrote:
> > > This also has been discussed in SSHSCI's SSH context. All SSH versions
> > > (both SSHSCI and OpenSSH) derive value for DISPLAY variable from
> > > `uname -n`. The problem is that the returned value is not necessarily
> > > resolvable to a valid IP number which in turn might cause a failure.
> >
> > oh yes, this is a problem. i will probably change the sshd-X11-proxy
> > from internet to unix domain sockets.
>
> Say you run ssh against firewall in order to run X11 application on
> computer behind the firewall. UNIX socket would kill the idea...
well you can ssh from the firewall to the next machine.
> > libX is broken if i set DISPLAY=localhost:x.y and ignore any
> > X cookies.
>
> Note that I set it to anything *but* localhost:x.y (well, as long as you
> don't ssh localhost, but that would be confusing from key management
> viewpoint so that you don't normally do it).
i don't like the idea of having the X11 socket listen to inaddr_any.
> > > To make it fool-proof I suggest to set DISPLAY to the interface's
> > > address the user has reached the system in question through.
> >
> > I tried this before, but it does not work since it uses AF_INET6 if
> > i connect by
> > $ ssh -X ::1
>
> Does libX11 talk IPv6 at all?
no, this is the problem. your patch breaks x11-fwd if i connect
to an ipv6 address.
-m
More information about the openssh-unix-dev
mailing list