X11 cookies and forwarding

Ed Phillips ed at UDel.Edu
Fri Nov 16 08:13:41 EST 2001


On Thu, 15 Nov 2001, Markus Friedl wrote:

> Date: Thu, 15 Nov 2001 21:54:11 +0100
> From: Markus Friedl <markus at openbsd.org>
> To: Ed Phillips <ed at UDel.Edu>
> Cc: OpenSSH Development <openssh-unix-dev at mindrot.org>
> Subject: Re: X11 cookies and forwarding
>
> On Thu, Nov 15, 2001 at 03:46:22PM -0500, Ed Phillips wrote:
> > but I
> > noticed today that with 2.9.9p2, if I use "ssh -X" to start a shell on the
> > server, in that shell XAUTHORITY is set to /tmp/ssh-XXXXXXXX/cookies and
> > there are cookies placed there there.
>
> wrong. 2.9.9 and later use $HOME, not /tmp

Okay... I figured that much out.  I was connecting ssh 2.9.9p2 to sshd
2.9p1.  Sorry...

> but what is your question?

Is the issue with cookies (that has been recently discussed - cookies on
NFS and such) a direct result of this change in 2.9.9p2?

> fake cookies are generated in order to restrict
> the access to the real x11 server to the duration
> of the ssh session and not to the duration of the
> x11 session.

Got it.

	Ed

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key




More information about the openssh-unix-dev mailing list