SSH && X11 && JAIL-Environment
Erwin Lansing
erwin at lansing.dk
Thu Jul 17 03:55:31 PDT 2003
On Thu, Jul 17, 2003 at 12:42:33PM +0200, Marc Schoechlin wrote:
> Hi !
>
> I would like to use X11_Forwarding with my Jail-System.
>
> I activated X11-Forwarding and restarted my SSHD.
>
> Trying to start "xclock" provides me the following result:
> --
> ms at nox:~$ xclock
> X11 connection rejected because of wrong authentication.
> X connection to localhost:10.0 broken (explicit kill or server shutdown).
> --
>
> A workaround for this is possible with that:
> --
> Client : ssh <jail> -R 6000:127.0.0.1:6000
> Jail-Host : export DISPLAY=<jail>:0.0
> Client : xhost +127.0.0.1
> Jail-Host : xclock
> --
>
> How unsecure is this ?
>
> This is maybe pretty unsecure - are there better alternatives ?
> (Maybe also more comfortable solutions ?)
>
Try using "X11UseLocalhost no" in your /etc/sshd_config in the jail.
--
_._ _,-'""`-._
Erwin Lansing (,-.`._,'( |\`-/| erwin at lansing.dk
http://droso.org `-.-' \ )-`( , o o) erwin at FreeBSD.org
-bf- `- \`_`"'-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-isp/attachments/20030717/8f418e2b/attachment.bin
More information about the freebsd-isp
mailing list