On Wed, Dec 07, 2005 at 08:50:22AM -0800, Young, Randy wrote: > The first question I have is did you set xhost to allow the other server > in? Normally setting "xhost +" is not a good idea, it's a security > hole, so I usually do "xhost servername" to allow it in, and when done I > "xhost -servername" to remove it.
NO NO NO NO NO! Using xhost is not necessary with SSH, and indeed you should *not* do it! SSH uses MIT-MAGIC-COOKIES which, despite the silly name, is a far superior method of X authentication than the host-based authentication that xhost provides. If you run "xhost servername" you are allowing anyone logged in on that host to connect to your display, potentially steal keyboard events (like your password), etc. Generally, this is very bad. Instead, make sure SSH's automatic manipulation of cookies (via xauth) is working properly. It needs to be enabled on the server (with X11Forwarding), and the client needs to use the right options (-X and/or -Y on the command line, or ForwardX11 in your ssh options file). As long as this is configured properly, using xhost is completely unnecessary, and also generally defeats the purpose of using SSH in the first place. See Darren's message in this thread if that isn't sufficient to make it work... I'm sorry if this sounds harsh, but you are giving out bad advice, and that needs to be made clear. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
pgpy8dJAgQO1k.pgp
Description: PGP signature
