On Thu, 18 Apr 2002, Brett Lymn wrote:
:> as i posted earlier, we now disable nagle for TCP and X11 forwarding
:> endpoints.
:
:Hmmm speaking of X11 forwarding... why does openssh set the DISPLAY
:variable to be machine:x.0 (where x is the ssh X11 forwarder
:"display") instead of localhost:x.0? This causes grief if the address
:for "machine" is not resolvable.... think laptops hopping amongst
:networks that do not provide naming for the IP's they dish out.

making X11 forwarding function with SSH is challenging due to some
overly aggressive assumptions made by various X11 versions. however,
for OpenSSH 3.1 we changed the default historical behaviour of using
hostname in $DISPLAY and a wildcard proxy listener. this was done to
increase security and eliminate potential remote attacks directed at
the sshd X11 proxy.

    X11UseLocalhost
            Specifies whether sshd should bind the X11 forwarding server to
            the loopback address or to the wildcard address. By default,
            sshd binds the forwarding server to the loopback address and sets
            the hostname part of the DISPLAY environment variable to
            ``localhost''. This prevents remote hosts from connecting to the
            fake display. However, some older X11 clients may not function
            with this configuration. X11UseLocalhost may be set to ``no'' to
            specify that the forwarding server should be bound to the
            wildcard address. The argument must be ``yes'' or ``no''. The
            default is ``yes''.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
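
A defender-side check for the behaviour described in this thread, added here as an example and not part of the original post or of OpenSSH: it reads the effective X11UseLocalhost value from sshd_config text and flags X11 proxy listeners that are bound to a non-loopback address. The sample config and the `ss -ltn` style lines are constructed, the function names are hypothetical, and the 6000+offset..6999 port range is an assumption about where sshd places its proxy displays.

```python
import ipaddress
import re

# Constructed sample sshd_config (not from the thread). Keywords are
# case-insensitive and sshd keeps the first value it obtains for each one.
SAMPLE_CONFIG = "X11Forwarding yes\nx11uselocalhost no\nX11UseLocalhost yes\n"
# Constructed sample in the column layout printed by `ss -ltn`.
SAMPLE_LISTENERS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
LISTEN 0      128    0.0.0.0:6011       0.0.0.0:*
LISTEN 0      128    [::]:6011          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""
DEFAULTS = {"x11forwarding": "no", "x11uselocalhost": "yes", "x11displayoffset": "10"}

def effective_settings(config_text):
    """Effective global X11 keywords (Match blocks are not evaluated)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # stop at the first conditional block
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip()
    return {**DEFAULTS, **seen}

def non_loopback_x11_listeners(ss_text, offset=10):
    """Listeners on 6000+offset..6999 (assumed proxy range) not bound to loopback."""
    hits = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or not 6000 + offset <= int(port) <= 6999:
            continue
        try:
            loopback = ipaddress.ip_address(addr.strip("[]").split("%")[0]).is_loopback
        except ValueError:
            loopback = False  # "*" or unparsable: treat as wildcard
        if not loopback:
            hits.append((addr, int(port)))
    return hits
```

With the constructed samples, the first `x11uselocalhost no` line wins over the later `yes`, and the two wildcard listeners on port 6011 are reported while the loopback one on 6010 is not.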