This is the mail archive of the
cygwin-xfree@cygwin.com
mailing list for the Cygwin XFree86 project.
Re: SSH Notes
- From: David Fraser <davidf at sjsoft dot com>
- To: cygwin-xfree at cygwin dot com
- Date: Fri, 04 Oct 2002 16:53:22 +0200
- Subject: Re: SSH Notes
- References: <F2366tpvlKiYtpsGqe90000edf9@hotmail.com>
- Reply-to: cygwin-xfree at cygwin dot com
Thomas Chadwick wrote:
What to Fix
===========
ssh should assume ``DISPLAY=127.0.0.1:0.0'' when the DISPLAY variable
is not set on the Cygwin host. I am not sure why this is not
currently the case. I can only guess that the lack of this
assumption is either do to 1) a whiny security geek on the openssh
project, or 2) that the assumed usage scenario for openssh is more
like a Linux/X machine where you have probably got your X Server
running when you connect to your remote machine with ssh, thus
DISPLAY would already be set.
At the very least, we should patch the Cygwin release of openssh to
assume that DISPLAY=127.0.0.1:0.0 when DISPLAY is not defined in the
environment. That would make X11 tunnelling much much easier for 95%
of our users and I either can't see or I don't care about any
pseduo-security hole that this might open up. (Hey, if SSH Secure
Shell makes this assumption, then we can too.)
I don't agree with this fix. I think the correct fix should be to
make ssh die if the -X flag is specified but the DISPLAY variable is
not set (instead of quietly continuing on in a somewhat broken
state). A simple error message like the following should be
sufficient: "Error: In order to enable X11 forwarding the DISPLAY
variable must be set".
I know you want to make ssh behave correctly for the masses, but you
don't want to make it behave incorrectly for advanced users trying to
debug their code. For instance, I may have 3 different screens
running on my local box (:0, :1, and :2) and want to set up an ssh
channel between screen :2 and a remote machine. If I screw up the way
I assign a value to DISPLAY, I don't want ssh to keep going and
forward my X traffic to the wrong display!
I agree. In fact even a warning would be great. Then you could have the
ForwardX11 variable set to yes in /etc/ssh_config or ~/.ssh/config and
there would be a warning as well. Also a warning if DISPLAY is not set
would be useful in all versions of openssh, not just the cygwin one, so
hopefully it could go into the main trunk and we wouldn't have to patch
it specificly.
David