On Thu, 17 Aug 2000, Christophe TROESTLER wrote:

> It's Ok -- I'm not permanently connected to the net...  But however,
> how do you disable all X connections to my box (from outside, not
> another local user)?

Block tcp connections to port 6000 (for Display :0), and to subsequent
ports (only if you are using Display :1 and above - you don't seem to).

> Some names are really old names for this
> machine that are no longer in use.  Does it matter that they are
> listed?

Nobody can use these keys to connect to X servers that aren't running
anymore. ;-) I don't think it matters.

> Well, these are the official X packages (of potato test 1, I have to
> upgrade to potato final still).

I suggest you try that.

> Well, the keys are a subset of those given by xauth list (the ones I am
> currently using I guess).
                  ^^^^^^^
I'll try to clarify this. There are two ways to connect to your X
server:

1. Unix sockets
- /tmp/.X11-unix/X0 (no portnumber)
- key in .Xauthority like aiglenoir/unix:0
- DISPLAY=:0 (no hostname)
- these only work within local machine

2. TCP sockets
- port 6000 ff.
- key in .Xauthority like aiglenoir:0
- DISPLAY=aiglenoir:0 (contains hostname)
- these work locally and over the net

In order for both to work, you need entries in your .Xauthority both for
unix and TCP sockets, using the same key (the one X is currently using).
In your .Xauthority (displayed using "xauth list"), this doesn't seem to
be the case - the keys are all different. Check these keys again while
DISPLAY=:0 is still working.
Also, XDM-AUTHORIZATION-1 and MIT-MAGIC-COOKIE-1 keys are not
interchangeable. The above paragraph probably applies twice,
once for each kind of key. I'm not sure about this -- slink only
uses MIT-MAGIC-COOKIE-1.

Mirko
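
The key comparison described in the message above, as an added example that is not part of the original e-mail: it parses `xauth list` output and reports, per display and per authorization protocol, whether the unix-socket entry and the TCP entry carry the same key. The sample listing and its key values are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `xauth list` output; the hex keys are made up.
SAMPLE = """\
aiglenoir/unix:0  MIT-MAGIC-COOKIE-1  0123456789abcdef0123456789abcdef
aiglenoir:0  MIT-MAGIC-COOKIE-1  fedcba9876543210fedcba9876543210
aiglenoir/unix:1  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
aiglenoir:1  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
oldname:0  XDM-AUTHORIZATION-1  aabbccddeeff00112233445566778899
"""

# host[/unix]:display  protocol  hexkey
ENTRY = re.compile(
    r"^(?P<host>[^\s/:]*)(?P<unix>/unix)?:(?P<disp>\d+)"
    r"\s+(?P<proto>\S+)\s+(?P<key>[0-9a-fA-F]+)$"
)

def parse(text):
    """Return {(host, display, protocol): {"unix": key, "tcp": key}}."""
    table = defaultdict(dict)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip lines in a form this sketch does not handle
        transport = "unix" if m["unix"] else "tcp"
        table[(m["host"], m["disp"], m["proto"])][transport] = m["key"].lower()
    return dict(table)

def check(text):
    """Classify each group as 'match', 'mismatch', 'only unix' or 'only tcp'."""
    report = {}
    for ident, keys in parse(text).items():
        if len(keys) < 2:
            report[ident] = "only " + next(iter(keys))
        elif keys["unix"] == keys["tcp"]:
            report[ident] = "match"
        else:
            report[ident] = "mismatch"
    return report

if __name__ == "__main__":
    for (host, disp, proto), status in sorted(check(SAMPLE).items()):
        print(f"{host}:{disp} {proto}: {status}")
```

Entries are grouped by protocol because the message notes that XDM-AUTHORIZATION-1 and MIT-MAGIC-COOKIE-1 keys are not interchangeable; to check a real listing, pass the text of `xauth list` to `check()` instead of `SAMPLE`.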
