SCIENTIFIC-LINUX-USERS Archives

July 2005

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Wed, 6 Jul 2005 11:07:10 -0500

Sorry for jumping in so late in the conversation.  But it looks like 
this is something that people got upset with RedHat about, because they 
changed the defaults with Update 1.  Here is a clip from our release 
notes for 4.1

      o The openssh-3.9p1 package included in Scientific Linux 4.x
        introduced two different modes of X11 forwarding: trusted and
        untrusted. In the default Scientific Linux 4.x configuration,
        passing the -X flag to /usr/bin/ssh (or using the "ForwardX11 on"
        configuration option) enables untrusted X11 forwarding. This mode
        restricts the X11 protocol to prevent a malicious application using a
        forwarded SSH connection from compromising the security of the local
        X11 server (for example, by performing keystroke monitoring); but few
        X11 applications are usable in this mode.

        In Scientific Linux 4.1, the default configuration of
        the openssh client has been changed such that passing the -X flag
        enables trusted X11 forwarding. The trusted forwarding mode allows all
        X applications to work correctly when forwarded over an SSH
        connection; but, as with previous releases of Scientific
        Linux, it should only be used when invoking trusted applications.


So ... I'm wondering, which openssh are you using?  The original one 
with 4.0, or the one that came with 4.1 ... which I think was also one 
of the security errata.

Troy

Devin Bougie wrote:
> Hi All,
> 
>>> On Wed, 6 Jul 2005, Alex Finch wrote:
>>> 2) secure shell to a remote machine with x forwarding enabled:
>>>
>>>   emacs - click in the window to edit, sooner or later it crashes  
>>> saying:
>>> =======
>>>      X protocol error: BadWindow ( invalid window parameter ) on  
>>> protocol request 38
> 
> 
> We saw similar problems that were solved by using trusted X11  
> forwarding.  Try using "ssh -Y" instead of "ssh -X," or add  
> "ForwardX11Trusted yes" to your ~/.ssh/config.
> 
> I hope this helps,
> Devin
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/CSS  CSI Group
__________________________________________________
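
Added example, not part of the original message or of the Scientific Linux release notes: a small audit script that reports whether the local OpenSSH client would use trusted or untrusted X11 forwarding for a given host, so the effect of a changed default (as described in the release notes above) can be checked per host. It assumes a client recent enough to support `ssh -G` (print the resolved configuration), which the openssh-3.9p1 discussed in this thread does not have; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the X11 forwarding mode the OpenSSH client would
# use for a host, based on the resolved options printed by `ssh -G <host>`.
# Assumption: the installed ssh supports -G (newer than the 3.9p1 in the thread).

# x11_mode: read `ssh -G` style output on stdin, print one of
#   off | untrusted | trusted | unknown
x11_mode() {
    awk '
        { key = tolower($1) }
        key == "forwardx11"        { fwd = tolower($2) }
        key == "forwardx11trusted" { trusted = tolower($2) }
        END {
            if (fwd == "")              print "unknown"    # option not reported
            else if (fwd != "yes")      print "off"        # no X11 forwarding at all
            else if (trusted == "yes")  print "trusted"    # same as ssh -Y
            else if (trusted == "no")   print "untrusted"  # restricted X11 access
            else                        print "unknown"
        }'
}

# audit_hosts: print "host<TAB>mode" for every host name given as an argument.
# Hosts whose mode is "trusted" give remote X clients full access to the local
# X server, so that list should only contain machines you trust.
audit_hosts() {
    for host in "$@"; do
        mode=$(ssh -G "$host" 2>/dev/null | x11_mode)
        printf '%s\t%s\n' "$host" "$mode"
    done
}

# Constructed sample of the two relevant `ssh -G` lines (not captured from a
# real system); used only when the script is run without arguments.
sample_output='forwardx11 yes
forwardx11trusted yes'

if [ "$#" -gt 0 ]; then
    audit_hosts "$@"
else
    printf 'sample\t%s\n' "$(printf '%s\n' "$sample_output" | x11_mode)"
fi
```

Run it with host names or Host aliases from ~/.ssh/config as arguments; the result reflects the configuration files only, so an explicit -X or -Y on the command line can still change the mode for a single session.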
