Status of Bugzilla #1153
Carson Gaspar
carson at taltos.org
Wed Feb 22 03:20:54 EST 2006

--On Tuesday, February 21, 2006 5:02 PM +0100 Simon Vallet
<svallet at genoscope.cns.fr> wrote:
> This is not in any way included in any standard, and I personally
> think that it was a reasonable choice. However, even if this is a
> debatable topic, it totally misses the point: even when gethostname()
> returns an FQDN, there is no way to tell in advance if the returned
> value will fit wanted ("working") usage.
>
> And actually, arbitrarily (from an OpenSSH POV) choosing an
> interface/hostname to use in DISPLAY regardless of the interface the
> SSH traffic is coming from seems just as "broken" and "begging for
> trouble".

Your "solution" will _break_ many sane setups. In the exact setup you
describe (ssh from a less trusted network to a bastion host, then
connecting to more trusted hosts), I don't _want_ the DISPLAY variable to
have the FQDN of the _external_ interface, as nothing internal will be able
to connect to it. I have no idea how this is supposed to make your problem
_better_.

Set your hostname to be sane, and all will be well. Or give your users init
scripts that do whatever DISPLAY/xauth transforms you wish. Don't break ssh
for the rest of us because you have some religious belief that hostname()
should return an ambiguous name.
--
Carson