X11 Forwarding with Access Control on AIX

Hello kmknox,

Thank you for reaching out to the Devolutions support team.

The Verbose logs on level 2 could probably provide more information on this.
Send SSH Shell logs and verbose - Devolutions Documentation

You can use this link to share your logs:
FOR-50509

Best regards,

Hello kmknox,

Thank you for reaching out to the Devolutions support team.

The Verbose logs on level 2 could probably provide more information on this.
Send SSH Shell logs and verbose - Devolutions Documentation

You can use this link to share your logs:
FOR-50509

Best regards,

@Patrick Ouimet

Thank you so much, Patrick. We did find the problem. We needed to enable 'X11Forwarding' in sshd service. Once that was done, XMing began to work normally on the AIX server. Sadly, that's not going to be enough to create a secure environment. XMing does not seem to allow xhost to limit which clients can connect to us, so we are looking at other solutions.

Someday, Devolutions is thinking about building an X Server into the product. I 1000% wish that day was yesterday, but we'll be glad for it when the day finally comes. When it comes, please go to the trouble of limiting who can hit the XServer to only clients already connected via SSH. Thank you.

Hello kmknox,

For a more secure environment, may I suggest using Devolutions Server as a data source and connecting it to your server with the Devolutions Gateway?

General knowledge - Devolutions Documentation
Conditional access policies - Devolutions Documentation

General knowledge - Devolutions Documentation

Best regards,

This is a great idea. I'll pass it up to the people who decide such things. Thank you.

Bonjour,
I am currently developing an X11 server for RDM, and i would appreciate it if you could tell me which X11 applications you intend to use.
Knowing this would allow me to focus my debugging and development efforts on the applications that matter most to you.

Thank you in advance for your assistance.

Bonjour,
I am currently developing an X11 server for RDM, and i would appreciate it if you could tell me which X11 applications you intend to use.
Knowing this would allow me to focus my debugging and development efforts on the applications that matter most to you.

Thank you in advance for your assistance.

@Luc Goulet
Test reply. My messages are not going through.

Bonjour,
I am currently developing an X11 server for RDM, and i would appreciate it if you could tell me which X11 applications you intend to use.
Knowing this would allow me to focus my debugging and development efforts on the applications that matter most to you.

Thank you in advance for your assistance.

@Luc Goulet
Hello Luc,

I'm not a member of the team actually using X11, so I don't know. What I do know is that I've always set up xclock successfully and my customer was able to use their application. They are not using xclock, but that's always been my standard test.

It's been a year and I've forgotten most this, but we did get all our customers working securely on XMing. The key point is that the X11 client must use MIT Magic Cookie 1 to prove the connection request is coming from a logged on session. It must be impossible for a random attacker to connect to the client's X11 server successfully.

Bonjour,
I am currently developing an X11 server for RDM, and i would appreciate it if you could tell me which X11 applications you intend to use.
Knowing this would allow me to focus my debugging and development efforts on the applications that matter most to you.

Thank you in advance for your assistance.

@Luc Goulet
Okay. It does not like something about the numbered list I was trying to submit to you. The key point is that in XMing, we require these settings:
Choose to create a launch configuration with Multiple Windows, No client, Display 0, and Clipboard set to True. Do not choose to disable Access Controls.