This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.



Re: SSH Notes


Thomas Chadwick wrote:

What to Fix
===========

ssh should assume ``DISPLAY=127.0.0.1:0.0'' when the DISPLAY variable is not set on the Cygwin host. I am not sure why this is not currently the case. I can only guess that the lack of this assumption is either due to 1) a whiny security geek on the openssh project, or 2) that the assumed usage scenario for openssh is more like a Linux/X machine where you have probably got your X Server running when you connect to your remote machine with ssh, thus DISPLAY would already be set.

At the very least, we should patch the Cygwin release of openssh to assume that DISPLAY=127.0.0.1:0.0 when DISPLAY is not defined in the environment. That would make X11 tunnelling much much easier for 95% of our users and I either can't see or I don't care about any pseudo-security hole that this might open up. (Hey, if SSH Secure Shell makes this assumption, then we can too.)

I don't agree with this fix. I think the correct fix should be to make ssh die if the -X flag is specified but the DISPLAY variable is not set (instead of quietly continuing on in a somewhat broken state). A simple error message like the following should be sufficient: "Error: In order to enable X11 forwarding the DISPLAY variable must be set".

I know you want to make ssh behave correctly for the masses, but you don't want to make it behave incorrectly for advanced users trying to debug their code. For instance, I may have 3 different screens running on my local box (:0, :1, and :2) and want to set up an ssh channel between screen :2 and a remote machine. If I screw up the way I assign a value to DISPLAY, I don't want ssh to keep going and forward my X traffic to the wrong display!

I agree. In fact even a warning would be great. Then you could have the ForwardX11 variable set to yes in /etc/ssh_config or ~/.ssh/config and there would be a warning as well. Also a warning if DISPLAY is not set would be useful in all versions of openssh, not just the cygwin one, so hopefully it could go into the main trunk and we wouldn't have to patch it specifically.

David
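
The fail-closed behaviour discussed in this thread, sketched as a shell wrapper. This is an added example, not part of the original messages and not OpenSSH code. The function names (`wants_x11`, `valid_display`, `x11_forward_check`, `ssh_x`) are hypothetical, and only command-line requests for forwarding are checked, not `ForwardX11` in a config file.

```shell
#!/bin/sh
# Added example, not OpenSSH code; function names are hypothetical.

# Succeeds if the ssh arguments ask for X11 forwarding on the command line.
# Every argument is scanned, so a remote command containing -X also counts.
wants_x11() {
    prev=
    for arg in "$@"; do
        case "$arg" in
            -X|-Y|-o[Ff]orward[Xx]11=yes) return 0 ;;
            [Ff]orward[Xx]11=yes)
                if [ "$prev" = "-o" ]; then return 0; fi ;;
        esac
        prev=$arg
    done
    return 1
}

# Succeeds if $1 looks like [host]:display[.screen], e.g. ":2" or "127.0.0.1:0.0".
valid_display() {
    case "$1" in
        *:*) ;;
        *) return 1 ;;
    esac
    num=${1##*:}    # text after the last colon: display[.screen]
    case "$num" in
        ''|*[!0-9.]*|.*|*.|*.*.*) return 1 ;;
    esac
    return 0
}

# 0 = safe to run ssh, 1 = DISPLAY unset, 2 = DISPLAY malformed.
x11_forward_check() {
    wants_x11 "$@" || return 0
    if [ -z "${DISPLAY:-}" ]; then
        echo "Error: In order to enable X11 forwarding the DISPLAY variable must be set" >&2
        return 1
    fi
    if ! valid_display "$DISPLAY"; then
        echo "Error: DISPLAY='$DISPLAY' is not of the form [host]:display[.screen]" >&2
        return 2
    fi
    return 0
}

# Wrapper: run the check, then hand the unchanged arguments to the real ssh.
ssh_x() {
    x11_forward_check "$@" || return $?
    command ssh "$@"
}
```

Refusing to guess a display means a mistyped DISPLAY stops the connection instead of silently sending X traffic to a different local screen.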


