Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'openSSH changed in tiger' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
openSSH changed in tiger
Authored by: SOX on Jun 22, '05 11:58:16AM

in Tiger, if you want to do any fancy X11 windows you now need to use:
ssh -Y
in place of
ssh -X

normal X11 stuff is unaffected but things that use openGL or fancy stuff have to be run with the -Y option. this used to be the default but it silently chaged between panther and tiger.

Note the reason for the change is that it's a minor security hole. When you use -Y you are declaring the computer sending the graphics is trust worthy and you dont mind if it were to say capture your key strokes or read your screen. In most cases the remote machine is your own computer and you trust it. If the remote machine is shared with hostile users, then think twice.



[ Reply to This | # ]
openSSH changed in tiger
Authored by: jvl001 on Jun 22, '05 04:42:21PM

If you are experiencing very slow logins (>30s) then it is likely a DNS reverse-lookup issue.
If you are experiencing slow, but not too slow, logins (~6s) and you use X11 forwarding then it is likely xauth holding things up.
(You can see exactly where the pause is by using 'ssh -vvv remotehost'.)

To switch to trusted X11 forwarding, you can permanently alter your /etc/ssh_config file as root. Thus you can avoid constantly using the -Y or -X option. You can even specify the style of X11 authentication by remote host name:

# Example /etc/ssh_config file
# Example of trustworthy hosts (with wildcards)
Host trusty.host.com *.remote.net host???.somewhere.com
ForwardX11Trusted yes
# Example of X11 forwarding but without trust (for all other hosts)
Host *
ForwardX11 yes





[ Reply to This | # ]
openSSH changed in tiger
Authored by: BobHarris on Sep 06, '05 05:27:09PM

This trick also works if you are a Tarantella user.

http://tarantella.com

Our company uses Tarantella to get faster cross country X-Windows performance (I'm in New Hampshire, and my test system is in Texas).

With Mac OS X 10.3 (Panther), tarantella was fast. But then I upgraded to Tiger, and performance was worst than a regular X-Windows connection.

I had figured out that Tarantella was using ssh, but I could not modify the binary to use ssh -Y when making a connection from my workstation to the test system.

When I added ForwardX11Trusted to my PowerMac's $HOME/.ssh/config my Tarantella performance returned.

Bob harris



[ Reply to This | # ]