Re: ctrl+alt and ssh
- Subject: Re: ctrl+alt and ssh
- From: Jeremy Huddleston <email@hidden>
- Date: Thu, 20 Jan 2011 23:05:25 -0800
On Jan 20, 2011, at 18:48, Brandon S Allbery KF8NH wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 1/17/11 23:15 , Jeremy Huddleston wrote:
>> On Jan 17, 2011, at 18:18, email@hidden wrote:
>>> Just so you know I'm not crazy: we want to run xscrabble on two continents. Xscrabble is started by one user who enters all the players' names and their displays. In a university environment 15 years ago, whence xscrabble comes, everyone could just run "xhost +hostname" and start playing. But we don't want to do that over the wild Internet, and we don't want to learn about Kerberos just to play scrabble.
>>
>> Wow... I guess that's one way to do it... ;)
>
> Obi-Wan introducing Luke to the light saber comes to mind.
>
> I don't think the xauth thing will work, unfortunately: ssh rolls a new
> auth cookie for the remote and only accepts that
right, and that's the one you're adding.
> , it doesn't snoop xauth
> calls to see added cookies; and in any case there would be no way to
> identify the remote connections over the ssh tunnel, which I suspect would
> be considered a serious security issue by the openssh maintainers.
huh? I'm not sure I follow, but I suspect there's a misunderstanding of how this all fits together.
The ssh client will check if there is an existing xauth key for $DISPLAY and use that one at the remote end of the tunnel. If there was no existing key (usually the case on OSX because it uses a launchd socket without xauth), it will create a key on the remote end.
> The "correct" (insofar as it will work) way to do this is to use xauth to
> authorize remote displays over the Internet.
don't do that. Try this:

user1@mac1 $ ssh user1@remote
user1@remote $ echo $DISPLAY
localhost:10.0
user1@remote $ xauth list
xauth list
<hostname>/unix:10 MIT-MAGIC-COOKIE-1 0c8fb5ce364ff753faf33da403866e8b

user2@mac2 $ ssh user2@remote
user2@remote $ echo $DISPLAY
localhost:11.0
user2@remote $ xauth list
<hostname>/unix:11 MIT-MAGIC-COOKIE-1 6c8686f5595d9e0fac671dc785321311
user2@remote $ xauth add <hostname>/unix:10 MIT-MAGIC-COOKIE-1 0c8fb5ce364ff753faf33da403866e8b
user2@remote $ xauth list
<hostname>/unix:11 MIT-MAGIC-COOKIE-1 6c8686f5595d9e0fac671dc785321311
<hostname>/unix:10 MIT-MAGIC-COOKIE-1 0c8fb5ce364ff753faf33da403866e8b
user2@remote $ DISPLAY=localhost:10 xterm

Note that user2's xterm will appear in user1's X11.app
I just verified this with urxvt, so it should work with whatever other application you have.
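
An added example, not part of the original message and not code from OpenSSH or xauth: after the `xauth add` step above, user2's authority file holds a cookie for user1's display as well as their own. This shell sketch reads `xauth list` output and reports entries for display numbers other than your own, without echoing the cookie values; the function names are hypothetical and the sample is user2's listing from the transcript above.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# display_number: extract N from "localhost:11.0" or "<hostname>/unix:11".
display_number() {
    d=${1##*:}                 # drop everything up to the last colon -> "11.0"
    printf '%s\n' "${d%%.*}"   # drop the screen suffix, if any      -> "11"
}

# foreign_cookies OWN_DISPLAY: read `xauth list` output on stdin and print
# "name protocol" for every entry that belongs to a different display number.
# The cookie value is read but deliberately never printed.
foreign_cookies() {
    own=$(display_number "$1")
    while read -r name proto _cookie; do
        [ -n "$name" ] || continue          # skip blank lines
        num=$(display_number "$name")
        [ "$num" = "$own" ] || printf '%s %s\n' "$name" "$proto"
    done
}

# Sample input: user2's `xauth list` output as shown in the message above.
sample_user2() {
cat <<'EOF'
<hostname>/unix:11 MIT-MAGIC-COOKIE-1 6c8686f5595d9e0fac671dc785321311
<hostname>/unix:10 MIT-MAGIC-COOKIE-1 0c8fb5ce364ff753faf33da403866e8b
EOF
}

# On a live session this would be: xauth list | foreign_cookies "$DISPLAY"
sample_user2 | foreign_cookies "localhost:11.0"
```

Once the shared session is over, `xauth remove <hostname>/unix:10` deletes the extra entry from user2's authority file.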