SSH Notes

David Fraser davidf@sjsoft.com
Fri Oct 4 07:53:00 GMT 2002


Thomas Chadwick wrote:

>> What to Fix
>> ===========
>>
>> ssh should assume ``DISPLAY=127.0.0.1:0.0'' when the DISPLAY variable 
>> is not set on the Cygwin host.  I am not sure why this is not 
>> currently the case.  I can only guess that the lack of this 
>> assumption is either due to 1) a whiny security geek on the openssh 
>> project, or 2) that the assumed usage scenario for openssh is more 
>> like a Linux/X machine where you have probably got your X Server 
>> running when you connect to your remote machine with ssh, thus 
>> DISPLAY would already be set.
>>
>> At the very least, we should patch the Cygwin release of openssh to 
>> assume that DISPLAY=127.0.0.1:0.0 when DISPLAY is not defined in the 
>> environment.  That would make X11 tunnelling much much easier for 95% 
>> of our users and I either can't see or I don't care about any 
>> pseudo-security hole that this might open up.  (Hey, if SSH Secure 
>> Shell makes this assumption, then we can too.)
>
>
> I don't agree with this fix.  I think the correct fix should be to 
> make ssh die if the -X flag is specified  but the DISPLAY variable is 
> not set (instead of quietly continuing on in a somewhat broken 
> state).  A simple error message like the following should be 
> sufficient: "Error: In order to enable X11 forwarding the DISPLAY 
> variable must be set".
>
> I know you want to make ssh behave correctly for the masses, but you 
> don't want to make it behave incorrectly for advanced users trying to 
> debug their code.  For instance, I may have 3 different screens 
> running on my local box (:0, :1, and :2) and want to set up an ssh 
> channel between screen :2 and a remote machine.  If I screw up the way 
> I assign a value to DISPLAY, I don't want ssh to keep going and 
> forward my X traffic to the wrong display!

I agree. In fact even a warning would be great. Then you could have the 
ForwardX11 variable set to yes in /etc/ssh_config or ~/.ssh/config and 
there would be a warning as well. Also a warning if DISPLAY is not set 
would be useful in all versions of openssh, not just the cygwin one, so 
hopefully it could go into the main trunk and we wouldn't have to patch 
it specifically.

David
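
The check discussed in this thread, sketched as a shell pre-flight function; this is an added example and not part of the original messages or of OpenSSH. The name check_x11_forward and its return codes are assumptions, it inspects only the ssh command line (not /etc/ssh_config or ~/.ssh/config), and the error text is the one proposed in the quoted message.

```shell
#!/bin/sh
# Added example, not OpenSSH code. check_x11_forward is a hypothetical helper.
# Returns 0 = fine to run ssh, 1 = X11 forwarding requested but DISPLAY unset,
#         2 = X11 forwarding requested but DISPLAY is not [host]:N[.S].
# Limits: bundled flags (-XC) and the attached -oForwardX11=yes form are not
# parsed, and ssh_config files are not read.
check_x11_forward() {
    want=no skip=no prev=
    for arg in "$@"; do
        if [ "$skip" = yes ]; then            # value of the preceding option
            skip=no
            if [ "$prev" = -o ]; then
                case $(printf '%s' "$arg" | tr 'A-Z' 'a-z' | tr -d ' =') in
                    forwardx11yes) want=yes ;;
                    forwardx11no)  want=no ;;
                esac
            fi
            continue
        fi
        case $arg in
            -X|-Y) want=yes ;;
            -x)    want=no ;;
            -[BbcDEeFIiJLlmOopQRSWw]) skip=yes; prev=$arg ;;
            -*)    ;;                         # other flags do not matter here
            *)     break ;;                   # host reached; rest is remote command
        esac
    done
    [ "$want" = yes ] || return 0
    if [ -z "${DISPLAY:-}" ]; then
        echo "Error: In order to enable X11 forwarding the DISPLAY variable must be set" >&2
        return 1
    fi
    case $DISPLAY in
        *:*) num=${DISPLAY##*:} ;;            # text after the last colon
        *)   num= ;;
    esac
    case $num in
        ''|*[!0-9.]*|.*|*.|*.*.*)
            echo "Warning: DISPLAY='$DISPLAY' is not of the form [host]:N[.S]" >&2
            return 2 ;;
    esac
    return 0
}
```

A wrapper would call it as `check_x11_forward "$@" && exec ssh "$@"`, so a missing or mistyped DISPLAY stops the connection before any X traffic is forwarded.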



