You are not logged in.
- Topics: Active | Unanswered
#1 2007-12-04 17:30:28
- oringo
- Member
- Registered: 2007-08-23
- Posts: 21
ssh x11 forwarding problem
I have two boxes running arch, and this used to work perfectly:
from box1:
ssh -X box2; xterm
from box2:
ssh -X box1; xterm
Now after upgrading xorg:
ssh -X box1/2; xterm now returns:
X Error of failed request: BadDrawable (invalid Pixmap or Window parameter)
Major opcode of failed request: 55 (X_CreateGC)
Resource id in failed request: 0x218
Serial number of failed request: 1
Current serial number in output stream: 3
However, things still seem to work if I use ssh -Y. Does anyone have a clue?
Offline
#2 2007-12-05 10:09:28
- gradgrind
- Member
- From: Germany
- Registered: 2005-10-06
- Posts: 921
Re: ssh x11 forwarding problem
Probably something changed in ssh.conf or sshd.conf - see the man pages to see what the -Y option does that -X doesn't. I think the -Y option has been the correct way (with default conf files) for quite a while.
larch: http://larch.berlios.de
Offline
#3 2007-12-05 12:17:30
- Ramses de Norre
- Member
- From: Leuven - Belgium
- Registered: 2007-03-27
- Posts: 1,289
Re: ssh x11 forwarding problem
Same problem here. The man page about -Y:
-X [...]
X11 forwarding should be enabled with caution. Users with the ability to bypass file
permissions on the remote host (for the user's X authorization database) can access
the local X11 display through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions
by default. Please refer to the ssh -Y option and the ForwardX11Trusted directive in
ssh_config(5) for more information.
-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11
SECURITY extension controls.Offline
#4 2007-12-05 16:18:19
- oringo
- Member
- Registered: 2007-08-23
- Posts: 21
Re: ssh x11 forwarding problem
That's what I thought too. ssh -Y is less restrictive and potentially less secure than ssh -X. Does anyone know how to tweak the ssh security options to allow ssh -X to function correctly?
Offline
#5 2008-02-19 19:26:49
- alroger
- Member
- From: Brasil
- Registered: 2008-02-12
- Posts: 9
- Website
Re: ssh x11 forwarding problem
I've always used SSH with -X to access various machines and servers with Fedora and Ubuntu... never had a problema.
Now with ArchLinux (latest updates) -X doesn't work, and -Y works only in some cases.
I don't thing this is an issue with ssh_config.
Any clues on this?
---
http://cafe-ti.blog.br
Informacao de Pessoas para Pessoas.
Offline
#6 2008-02-19 20:11:39
- Rasi
- Member
- From: Germany
- Registered: 2007-08-14
- Posts: 1,914
- Website
Re: ssh x11 forwarding problem
interesting.. maybe this is related with my NX problem... No errors in Log tho, the client seems to connect, but the screen simply disappears...
He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
Douglas Adams
Offline
#7 2008-02-20 00:18:21
- Snowman
- Developer/Forum Fellow
- From: Montreal, Canada
- Registered: 2004-08-20
- Posts: 5,212
Re: ssh x11 forwarding problem
I need to use:
ForwardX11 yes
ForwardX11Trusted yes
in my config to have X11 forwarding.
Offline
#8 2008-02-20 03:36:07
- pauldonnelly
- Member
- Registered: 2006-06-19
- Posts: 776
Re: ssh x11 forwarding problem
I think that if you use -X then you need to do additional configuration in your X server, not with SSH. Magic cookies or something.
Offline