Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: X11 forwarding and DISPLAY variable

from [Carlson, Scott] Network Security [Permanent Link]
Subject: RE: X11 forwarding and DISPLAY variable
Date: Wed, 19 Oct 2005 12:30:10 -0700 

Also, so here's another hint that I just recently discovered.  If you
want to still have your DISPLAY work after you SSH somewhere and then
"su -" to another user, you'll need to manipulate the MIT-MAGIC-COOKIE
yourself.

Here's some script code that we use to do it for one of our little
custom apps.  It's obviously isn't the ONLY way to do it, but it works
for our needs.  This was specifically for a solaris host running Openssh
3.7


$ cat start_autogui
#/bin/sh

#  Get MIT Magic Cookie
# Get local hostname to be used in MIT Magic cookie
HOST=`hostname`
TYPE="unix"

# Get display passed in by the Xforwarding stuff you previously set up
#  I also changed my X config to start the display at 50 so that I
wouldn't
# conflict with other things running X on this box
#     GatewayPorts yes
#     X11DisplayOffset 50

DISP=`env | grep DISPLAY|cut -f2 -d:|cut -f1 -d.`

# Build the X-Display line to match the MIT-MAGIC-COOKIE in xauth
XDISP="$HOST""/""$TYPE"":""$DISP"

XCOOK=`/usr/openwin/bin/xauth list | grep ^$XDISP`

#echo $XCOOK

#  Become <user>
# Put MIT Magic Cookie in XAuthority
#  Run the  GUI
#  has to be done all as one command otherwise the shell hangs wrong
#

echo "/usr/openwin/bin/xauth add $XCOOK"
sudo su - <userid> -c "\
        (/usr/openwin/bin/xauth add $XCOOK; \
         export DISPLAY=localhost:$DISP.0; \
         autosc)"

#  AFter the GUI Exists, clean up the Cookie

/usr/openwin/bin/xauth remove $XDISP

Thanks

Scott Carlson
 

-----Original Message-----
From: Derek Martin [mailto:code@pizzashack.org] 
Sent: Friday, October 14, 2005 11:55 AM
To: Kelly Lucas
Cc: Bernd Prager; secureshell@securityfocus.com
Subject: Re: X11 forwarding and DISPLAY variable

On Thu, Oct 13, 2005 at 09:57:35AM -0700, Kelly Lucas wrote:

On the machine where you want to display X, as the user you logged in 
as, type:

xhost +


No no no no no no no!  You don't need to do this with OpenSSH, EVER!
SSH uses the much better MIT-MAGIC-COOKIE method of authenticating X
protocol connections, and does not need to muck with host-based X
authentication.


This will give permission to remote clients to display on it.


Yes, it will give permission to ALL remote clients to access your
desktop, which is most certainly not what you want.


When you SSH, try using:

ssh -X <hostname>


This is all you need.  If this solves the problem, you can do it
automatically by putting

  ForwardX11=yes

in your /etc/ssh/ssh_config file, or (if you don't have root access to
your machine) in your personal $HOME/.ssh/config file.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Putty/OpenSSH Public key auth, M. Gotaishi
Next by Date:  Re: Putty/OpenSSH Public key auth, Jesse Waters
Previous by Thread:  Re: X11 forwarding and DISPLAY variable, Bjorn Steensrud
Next by Thread:  OpenSSH as a Library, fcrable
Indexes:  [Date] [Thread] [Top] [All Lists]