[ale] openssh and $DISPLAY

Tomas tomas at kahuna.clayton.edu
Sun Aug 13 00:33:47 EDT 2000


I use ssh to log in and then I use xhost at my machine and set the display
 manualy at the server (actually via a script).  So does that mean the info
 being sent to me is encrypted or not, and if not then is there away to have encrypted X!! networking?

Tomas




On Sat, Aug 12, 2000 at 11:30:28PM -0400, Thompson Freeman wrote:
> 
> Unless I'm sadly mistaken, I'm using openssh under RH6.2, and the DISPLAY
> variable gets set very nicely.
> 
> On Sat, 12 Aug 2000, Robert L. Harris wrote:
> 
> > Thus spake Joe Knapka (jknapka at earthlink.net):
> > 
> > > Wandered Inn wrote:
> > > > 
> > > > "Robert L. Harris" wrote:
> > > > >
> > > > > A number of things like xv, xterm, and very rarely netscape.
> > > > 
> > > > Here's my call to nxterm from my primary machine (denali) to my work
> > > > machine (lhotse):
> > > > 
> > > > ssh -l gamyers gamyers /usr/X11R6/bin/nxterm -ls -sb -sl 200 -si -sk -bg
> > > > DarkSlateGray -fg OldLace -T lhotse -n lhotse -display denali:0
> > > 
> > > The problem with this is that, while the initial command to start the
> > > nxterm will be encrypted by ssh, the X packets between lhotse and
> > > denali will not, and thus are open to sniffing.
> > > 
> > > SSH provides an automatic mechanism to securely forward an X
> > > session between the server and the client; older versions of
> > > SSH automatically set the DISPLAY variable to point to the
> > > forwarded port. That's what you meant, right, Robert?
> > > 
> > 
> > Exactly.  Tunneling the Display through the tunnel.  Can OpenSSH 
> > do this?
> > 
> > Robert
> > 
> > :wq!
> > ---------------------------------------------------------------------------
> > Robert L. Harris                |  Micros~1 :  
> > Senior System Engineer          |    For when quality, reliability 
> >   at RnD Consulting             |      and security just aren't
> >                                 \_       that important!
> > DISCLAIMER:
> >       These are MY OPINIONS ALONE.  I speak for no-one else.
> > FYI:
> >  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > 
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > 
> 
> -- 
> ===========================================
> The harder I work, the luckier I get.
>                     Lee Iocca
> ===========================================
> Thompson Freeman          tfreeman at digichem.net
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list