Status of Bugzilla #1153
Carson Gaspar
carson at taltos.org
Wed Feb 22 11:59:49 EST 2006
--On Tuesday, February 21, 2006 06:09:16 PM +0100 Simon Vallet
<svallet at genoscope.cns.fr> wrote:
> Of course my purpose wasn't to break ssh for *anybody* -- I never
> experienced problems reaching the "other" interface(s) of any
> forwarding host, that's all. Which OS are you using ?
It's not an OS issue, it's a routing issue. External networks are not
advertised to Internal servers. And if they were, it wouldn't be with the
ssh proxy bastion as the route. Of course this is fixable by doing some
static host route injection, but that's a really evil solution to having
the wrong fqdn being used.

If you really want to follow the "give the user enough rope" maxim, what
you'd want is Yet Another Config Option to sshd that allows you to specify
the X11 host name. But I doubt the maintainers would be happy with that,
given their (not unjustified) resistance to more knobs.

I still think that your patch, as proposed, is a Very Bad Idea. And that
you'd make your life much easier for yourself if you'd just make hostname()
return an internally resolvable/reachable FQDN. Or if you're dead set
against that, just transmogrify DISPLAY in the init scripts.
--
Carson