wiki:TipAndDoc/network/ssh

Version 21 (modified by mitty, 7 years ago)

--

  • linux - How to enable SSH X11 forwarding through additional server? - Server Fault

    I have hosts A, B and C. From host A I can access through ssh only B. From B I can access C. I want to be able to run X11 programs on C and forward display to A.

    Not exactly... If X11Forwarding is not enabled on server C, it won't work. It also won't work unless one sets AllowTcpForwarding yes and GatewayPorts yes on server B. This answer is not acceptable at all.

X11Forwarding with another user

  • My Cup of Tea / X Forwarding and sudo

    The reason for this is that:

    X authentication is based on cookies — secret little pieces of random data that only you and the X server know… So, you need to let the other user in on what your cookie is (http://www.debian-administration.org/articles/494).

    me@localbox:~$ ssh -X remotebox
    me@remotebox:~$ chmod 644 .Xauthority
    me@remotebox:~$ su - otheruser
    Password:
    otheruser@remotebox:~$ export DISPLAY=localhost:10.0
    otheruser@remotebox:~$ export XAUTHORITY=/home/me/.Xauthority
    
    • When using sudo, "chmod 644 .Xauthority" is not needed (root can always read the file).

Prevent certain users from logging in with ssh

  • /etc/pam.d/sshd
    @@ -15,7 +15,7 @@
    
     # Uncomment and edit /etc/security/access.conf if you need to set complex
     # access limits that are hard to express in sshd_config.
    -# account  required     pam_access.so
    +account  required     pam_access.so
    
     # Standard Un*x authorization.
     @include common-account
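
    Review bot: the uncommented "account  required     pam_access.so" line loads the default /etc/security/access.conf named in the comment above it, and that file is shared by every PAM service that enables pam_access, so a deny rule written for ssh also applies wherever else the module is switched on. Consider pointing this line at an sshd-only file with the module's accessfile= option (for example accessfile=/etc/security/access-sshd.conf, a hypothetical path), and note beside it that sshd consults this account stack only with "UsePAM yes" in sshd_config.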
    
  • /etc/security/access.conf
    -:USERNAME:ALL
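
pam_access reads access.conf in file order and the first line that matches the user and origin decides; a login that matches no line is granted. The Python below is an added example, not code from this wiki or from pam_access: a simplified model that shows why the position of the deny rule matters. Assumptions: only plain user names, exact origin strings, ALL and EXCEPT are modelled (no groups, netmasks or LOCAL), and alice and bob are constructed account names standing in for USERNAME.

```python
# Added example: simplified model of pam_access rule matching (not pam_access itself).
# Assumption: only plain user names, exact origin strings, ALL and EXCEPT are modelled.

def parse_rules(text):
    """Parse access.conf text into (permission, users, origins) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)  # origins may contain ':' (IPv6), so split twice only
        if len(fields) != 3 or fields[0].strip() not in ("+", "-"):
            raise ValueError(f"malformed rule: {raw!r}")
        perm, users, origins = (f.strip() for f in fields)
        rules.append((perm, users.split(), origins.split()))
    return rules

def list_match(tokens, item):
    """True if item matches the token list; handles 'a b EXCEPT c d'."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_match(tokens[:i], item) and not list_match(tokens[i + 1:], item)
    return any(t in ("ALL", item) for t in tokens)

def decide(rules, user, origin):
    """Return (allowed, rule_number); first matching rule wins, no match grants."""
    for n, (perm, users, origins) in enumerate(rules, 1):
        if list_match(users, user) and list_match(origins, origin):
            return perm == "+", n
    return True, None

def shadowed_rules(rules):
    """Numbers of rules that can never fire because an earlier ALL:ALL rule matches first."""
    for n, (_, users, origins) in enumerate(rules, 1):
        if users == ["ALL"] and origins == ["ALL"]:
            return list(range(n + 1, len(rules) + 1))
    return []

# Constructed samples; "alice" and "bob" stand in for the page's USERNAME placeholder.
DENY_ONE = "-:alice:ALL\n"                # the page's rule
SHADOWED = "+:ALL:ALL\n-:alice:ALL\n"     # same rule after a catch-all grant
ALLOW_ONLY_BOB = "-:ALL EXCEPT bob:ALL\n"  # allow-list form

if __name__ == "__main__":
    for name, conf in (("DENY_ONE", DENY_ONE), ("SHADOWED", SHADOWED),
                       ("ALLOW_ONLY_BOB", ALLOW_ONLY_BOB)):
        rules = parse_rules(conf)
        for user in ("alice", "bob"):
            print(name, user, decide(rules, user, "192.0.2.10"), shadowed_rules(rules))
```
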
    

avoid sshd brute force

Cluster SSH