- stevesk@cvs.openbsd.org 2002/04/05 20:56:21

[sshd.8] clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
author: Ben Lindstrom <mouring@eviladmin.org> 2002-04-05 22:18:48 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2002-04-05 22:18:48 +0000
commit: a11e270115e2d2ead1abfedf5ebe25ad7eda74aa (patch)
tree: d62bc2f80bf5a67f7566829fb05f82a537690502 /sshd.8
parent: 924144e6508df8ab6d8338920b697e62d827b966 (diff)
1 files changed, 20 insertions, 9 deletions
diff --git a/sshd.8 b/sshd.8
index eb5c8f1da..63ca7df22 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.175 2002/03/29 19:16:22 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.176 2002/04/05 20:56:21 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -1324,13 +1324,17 @@ only by the user; it need not be readable by anyone else.
 .It Pa $HOME/.ssh/rc
 If this file exists, it is run with /bin/sh after reading the
 environment files but before starting the user's shell or command.
-If X11 spoofing is in use, this will receive the "proto cookie" pair in
+It must not produce any output on stdout; stderr must be used
-standard input (and
+instead.
+If X11 forwarding is in use, it will receive the "proto cookie" pair in
+its standard input (and
 .Ev DISPLAY
-in environment).
+in its environment).
-This must call
+The script must call
 .Xr xauth 1
-in that case.
+because
+.Nm
+will not run xauth automatically to add X11 cookies.
 .Pp
 The primary purpose of this file is to run any initialization routines
 which may be needed before the user's home directory becomes
@@ -1339,15 +1343,22 @@ accessible; AFS is a particular example of such an environment.
 This file will probably contain some initialization code followed by
 something similar to:
 .Bd -literal
-        if read proto cookie; then
+if read proto cookie && [ -n "$DISPLAY" ]; then
-                echo add $DISPLAY $proto $cookie | xauth -q -
+        if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
+                # X11UseLocalhost=yes
+                xauth add unix:`echo $DISPLAY |
+                    cut -c11-` $proto $cookie
+        else
+                # X11UseLocalhost=no
+                xauth add $DISPLAY $proto $cookie
        fi
+fi
 .Ed
 .Pp
 If this file does not exist,
 .Pa /etc/ssh/sshrc
 is run, and if that
-does not exist either, xauth is used to store the cookie.
+does not exist either, xauth is used to add the cookie.
 .Pp
 This file should be writable only by the user, and need not be
 readable by anyone else.
author	Ben Lindstrom <mouring@eviladmin.org>	2002-04-05 22:18:48 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2002-04-05 22:18:48 +0000
commit	a11e270115e2d2ead1abfedf5ebe25ad7eda74aa (patch)
tree	d62bc2f80bf5a67f7566829fb05f82a537690502 /sshd.8
parent	924144e6508df8ab6d8338920b697e62d827b966 (diff)

diff --git a/sshd.8 b/sshd.8 index eb5c8f1da..63ca7df22 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.175 2002/03/29 19:16:22 stevesk Exp $	37	.\" $OpenBSD: sshd.8,v 1.176 2002/04/05 20:56:21 stevesk Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -1324,13 +1324,17 @@ only by the user; it need not be readable by anyone else.
1324	.It Pa $HOME/.ssh/rc	1324	.It Pa $HOME/.ssh/rc
1325	If this file exists, it is run with /bin/sh after reading the	1325	If this file exists, it is run with /bin/sh after reading the
1326	environment files but before starting the user's shell or command.	1326	environment files but before starting the user's shell or command.
1327	If X11 spoofing is in use, this will receive the "proto cookie" pair in	1327	It must not produce any output on stdout; stderr must be used
1328	standard input (and	1328	instead.
		1329	If X11 forwarding is in use, it will receive the "proto cookie" pair in
		1330	its standard input (and
1329	.Ev DISPLAY	1331	.Ev DISPLAY
1330	in environment).	1332	in its environment).
1331	This must call	1333	The script must call
1332	.Xr xauth 1	1334	.Xr xauth 1
1333	in that case.	1335	because
		1336	.Nm
		1337	will not run xauth automatically to add X11 cookies.
1334	.Pp	1338	.Pp
1335	The primary purpose of this file is to run any initialization routines	1339	The primary purpose of this file is to run any initialization routines
1336	which may be needed before the user's home directory becomes	1340	which may be needed before the user's home directory becomes
@@ -1339,15 +1343,22 @@ accessible; AFS is a particular example of such an environment.
1339	This file will probably contain some initialization code followed by	1343	This file will probably contain some initialization code followed by
1340	something similar to:	1344	something similar to:
1341	.Bd -literal	1345	.Bd -literal
1342	if read proto cookie; then	1346	if read proto cookie && [ -n "$DISPLAY" ]; then
1343	echo add $DISPLAY $proto $cookie \| xauth -q -	1347	if [ `echo $DISPLAY \| cut -c1-10` = 'localhost:' ]; then
		1348	# X11UseLocalhost=yes
		1349	xauth add unix:`echo $DISPLAY \|
		1350	cut -c11-` $proto $cookie
		1351	else
		1352	# X11UseLocalhost=no
		1353	xauth add $DISPLAY $proto $cookie
1344	fi	1354	fi
		1355	fi
1345	.Ed	1356	.Ed
1346	.Pp	1357	.Pp
1347	If this file does not exist,	1358	If this file does not exist,
1348	.Pa /etc/ssh/sshrc	1359	.Pa /etc/ssh/sshrc
1349	is run, and if that	1360	is run, and if that
1350	does not exist either, xauth is used to store the cookie.	1361	does not exist either, xauth is used to add the cookie.
1351	.Pp	1362	.Pp
1352	This file should be writable only by the user, and need not be	1363	This file should be writable only by the user, and need not be
1353	readable by anyone else.	1364	readable by anyone else.