SSH: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Do following | Normally ''ssh'' creates ''.Xauthority'' file in ''$HOME/.ssh'' directory. If ''$HOME'' directory is on file server and shared between different machines, it can be a conflict. It is recommended in that case to tell ''ssh'' to place ''.Xauthority'' file somewhere else, for example in ''/tmp'' directory which is usually local. Do following: | ||
1. ''/etc/ssh/sshd_config'' (it will force execution of /etc/ssh/sshrc script which we'll create below; also every user's $HOME/.ssh/environment file will be processed): | 1. Unconnent/add following line in ''/etc/ssh/sshd_config'' (it will force execution of /etc/ssh/sshrc script which we'll create below; also every user's $HOME/.ssh/environment file will be processed): | ||
PermitUserEnvironment yes | PermitUserEnvironment yes | ||
2. ''/etc/profile'': | 2. Add two lines in ''/etc/profile'': | ||
XAUTHORITY=/tmp/.Xauthority.$LOGNAME | XAUTHORITY=/tmp/.Xauthority.$LOGNAME | ||
| Line 28: | Line 28: | ||
fi | fi | ||
( | (on Linux ''xauth'' is located at ''/usr/X11R6/bin/xauth'', adjust script accordingly) | ||
4. Create ''/root/.ssh/environment'' file with following contents: | 4. Create ''/root/.ssh/environment'' file with following contents: | ||
| Line 34: | Line 34: | ||
XAUTHORITY=/tmp/.Xauthority.root | XAUTHORITY=/tmp/.Xauthority.root | ||
5. NOTIFY ALL USERS TO HAVE THAT FILE WITH CORRESPONDING CONTENTS IN THEIR HOME/.ssh directories. You can do it for example by placing following into ''/etc/.login'' (on linux you can use ''/etc/csh.login''): | |||
if (! -e ~/.ssh/environment ) then | |||
echo "" | |||
echo "===== ERROR: create file '~/.ssh/environment' containing following line:" | |||
echo "===== XAUTHORITY=/tmp/.Xauthority.$LOGNAME" | |||
echo "===== OTHERWISE SSH/X11 MAY NOT WORK PROPERLY" | |||
echo "" | |||
endif | |||
6. Restart ssh service by | |||
svcadm restart network/ssh | svcadm restart network/ssh | ||
(on Linux ''/etc/init.d/sshd restart'') | |||
Revision as of 16:51, 29 December 2008
Normally ssh creates .Xauthority file in $HOME/.ssh directory. If $HOME directory is on file server and shared between different machines, it can be a conflict. It is recommended in that case to tell ssh to place .Xauthority file somewhere else, for example in /tmp directory which is usually local. Do following:
1. Unconnent/add following line in /etc/ssh/sshd_config (it will force execution of /etc/ssh/sshrc script which we'll create below; also every user's $HOME/.ssh/environment file will be processed):
PermitUserEnvironment yes
2. Add two lines in /etc/profile:
XAUTHORITY=/tmp/.Xauthority.$LOGNAME export XAUTHORITY
3. Create /etc/ssh/sshrc with following contents:
HOME=/tmp
XAUTHORITY=$HOME/.Xauthority.$USER
export XAUTHORITY
if read proto cookie && [ -n "$DISPLAY" ]
then
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]
then
# X11UseLocalhost=yes
echo add unix:`echo $DISPLAY |
cut -c11-` $proto $cookie
else
# X11UseLocalhost=no
echo add $DISPLAY $proto $cookie
fi | /usr/openwin/bin/xauth -q -
fi
(on Linux xauth is located at /usr/X11R6/bin/xauth, adjust script accordingly)
4. Create /root/.ssh/environment file with following contents:
XAUTHORITY=/tmp/.Xauthority.root
5. NOTIFY ALL USERS TO HAVE THAT FILE WITH CORRESPONDING CONTENTS IN THEIR HOME/.ssh directories. You can do it for example by placing following into /etc/.login (on linux you can use /etc/csh.login):
if (! -e ~/.ssh/environment ) then echo "" echo "===== ERROR: create file '~/.ssh/environment' containing following line:" echo "===== XAUTHORITY=/tmp/.Xauthority.$LOGNAME" echo "===== OTHERWISE SSH/X11 MAY NOT WORK PROPERLY" echo "" endif
6. Restart ssh service by
svcadm restart network/ssh
(on Linux /etc/init.d/sshd restart)