wiki:TipAndDoc/network/ssh

Version 14 (modified by mitty, 9 years ago)

X11Forwarding with another user

  • My Cup of Tea / X Forwarding and sudo

    The reason for this is that:

    X authentication is based on cookies — secret little pieces of random data that only you and the X server know… So, you need to let the other user in on what your cookie is (http://www.debian-administration.org/articles/494).

    me@localbox:~$ ssh -X remotebox
    me@remotebox:~$ chmod 644 .Xauthority
    me@remotebox:~$ su - otheruser
    Password:
    otheruser@remotebox:~$ export DISPLAY=localhost:10.0
    otheruser@remotebox:~$ export XAUTHORITY=/home/me/.Xauthority
    
    • When using sudo, "chmod 644 .Xauthority" is not needed (root can always read the file)

prevent certain users from logging in with ssh

  • /etc/pam.d/sshd
    @@ -15,7 +15,7 @@
    
     # Uncomment and edit /etc/security/access.conf if you need to set complex
     # access limits that are hard to express in sshd_config.
    -# account  required     pam_access.so
    +account  required     pam_access.so
    
     # Standard Un*x authorization.
     @include common-account
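
    Review bot: the uncommented "account  required     pam_access.so" line adds a PAM access layer that the context comment reserves for limits "hard to express in sshd_config"; if the goal is only to block named users, DenyUsers in sshd_config covers that without changing the PAM stack. If pam_access stays, say next to this line that it is "required" and placed before "@include common-account", so a wrong rule in /etc/security/access.conf rejects ssh logins at the account stage, and test from a second session before closing the current one.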
    
  • /etc/security/access.conf
    -:USERNAME:ALL
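
Added example (not part of the original wiki page): a simplified Python model of how the two edits above combine, showing that the access.conf rule has no effect until the pam_access line is uncommented. It assumes sshd runs the PAM account stack (UsePAM yes), handles only literal names, ALL and EXCEPT in access.conf, and uses constructed user names and a constructed origin address.

```python
# Simplified model of pam_access for sshd (added example; sample data is constructed).
PAM_BEFORE = "# account  required     pam_access.so\n@include common-account\n"
PAM_AFTER = "account  required     pam_access.so\n@include common-account\n"
ACCESS_CONF = "# constructed sample rule\n-:mallory:ALL\n"


def pam_access_enabled(pam_sshd_text):
    """True if an uncommented 'account ... pam_access.so' line exists."""
    for line in pam_sshd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if (len(fields) >= 3 and fields[0].lstrip("-") == "account"
                and any(f.split("/")[-1] == "pam_access.so" for f in fields[2:])):
            return True
    return False


def _match(tokens, value):
    """Match one field: literal names, ALL, and 'A EXCEPT B'."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _match(tokens[:i], value) and not _match(tokens[i + 1:], value)
    return any(t in ("ALL", value) for t in tokens)


def access_decision(access_conf_text, user, origin):
    """First matching 'perm:users:origins' rule decides; no match means allow."""
    for line in access_conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [f.strip() for f in line.split(":", 2)]
        if len(parts) != 3:
            continue  # skip malformed lines in this simplified model
        perm, users, origins = parts
        if _match(users.split(), user) and _match(origins.split(), origin):
            return perm == "+"
    return True


def pam_access_permits(pam_sshd_text, access_conf_text, user, origin):
    """access.conf only matters once the pam_access line is uncommented."""
    if not pam_access_enabled(pam_sshd_text):
        return True  # module not in the stack: rules are never consulted
    return access_decision(access_conf_text, user, origin)


if __name__ == "__main__":
    for pam in (PAM_BEFORE, PAM_AFTER):
        for user in ("mallory", "alice"):
            print(pam_access_enabled(pam), user,
                  pam_access_permits(pam, ACCESS_CONF, user, "192.0.2.10"))
```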
    

avoid sshd brute force

Cluster SSH