Status of Bugzilla #1153

Carson Gaspar carson at taltos.org
Wed Feb 22 03:10:21 EST 2006



--On Tuesday, February 21, 2006 10:31 AM -0500 Jefferson Ogata 
<Jefferson.Ogata at noaa.gov> wrote:

> On 02/21/2006 10:10 AM, Carson Gaspar wrote:
>> --On Tuesday, February 21, 2006 11:03 AM +0100 Simon Vallet
>> <svallet at genoscope.cns.fr> wrote:
>>> OK -- we have globally the following setup here : an external ssh
>>> gateway performing X11 forwarding to the internal network -- as this
>>> machine is multihomed, a call to gethostname() returns (correctly IMO)
>>> the short name of the gateway, which is the value used to set DISPLAY
>>> and to add xauth credentials.
>>
>> No. gethostname() needs to return the (or a) FQDN of the server.
>> Anything else is just broken and begging for trouble. This is sysadmin
>> 101.
>
> Not everyone agrees with that opinion.

I've never met anyone who disagreed who had a sane reason not to use the FQDN 
("we're still using NIS for hostnames" is not sane...). Would you like to be 
the first? I'd be extremely interested in your reasoning why the FQDN isn't 
the Right Thing To Do.

> DNS is just a namespace, after all. It isn't the be-all, end-all of
> namespaces, especially given how easy it is to spoof. Consider that
> sysadmin 240. :^)

True, but he's using DNS as his namespace internally, and complaining about 
ambiguous shortname->FQDN mapping (and hasn't put "shortname." into DNS, so 
he's not doing weird advanced things). "Doctor, it hurts when I do this!" 
"Then don't do it." And what other namespace is deployed (ignoring NIS, 
which is just evil and wrong)?

> One thing I don't understand: my experience is that ssh uses
> localhost:x.0 for the DISPLAY variable. Am I on crack?

Read your sshd config file - you have X11UseLocalhost set.

-- 
Carson




More information about the openssh-unix-dev mailing list