[ale] openssh and $DISPLAY
Thompson Freeman
tfreeman at intel.digichem.net
Sun Aug 13 00:31:13 EDT 2000
Well - using my usual original names...
I'm sitting at machine intel, and want to run a program/login on intel1...
ssh intel1 netscape
brings up netscape on the local (intel) X window display. I haven't tried
to firewall the X ports which would be a great test, but a friend in the
security business started me off that way.
Actually, maybe I _should_ perform the firewall check - if somebody
doesn't beat me to it.
On Sat, 12 Aug 2000, Wandered Inn wrote:
> Thompson Freeman wrote:
> >
> > Unless I'm sadly mistaken, I'm using openssh under RH6.2, and the DISPLAY
> > variable gets set very nicely.
>
> Care to share the specifics?
>
> >
> > On Sat, 12 Aug 2000, Robert L. Harris wrote:
> >
> > > Thus spake Joe Knapka (jknapka at earthlink.net):
> > >
> > > > Wandered Inn wrote:
> > > > >
> > > > > "Robert L. Harris" wrote:
> > > > > >
> > > > > > A number of things like xv, xterm, and very rarely netscape.
> > > > >
> > > > > Here's my call to nxterm from my primary machine (denali) to my work
> > > > > machine (lhotse):
> > > > >
> > > > > ssh -l gamyers gamyers /usr/X11R6/bin/nxterm -ls -sb -sl 200 -si -sk -bg
> > > > > DarkSlateGray -fg OldLace -T lhotse -n lhotse -display denali:0
> > > >
> > > > The problem with this is that, while the initial command to start the
> > > > nxterm will be encrypted by ssh, the X packets between lhotse and
> > > > denali will not, and thus are open to sniffing.
> > > >
> > > > SSH provides an automatic mechanism to securely forward an X
> > > > session between the server and the client; older versions of
> > > > SSH automatically set the DISPLAY variable to point to the
> > > > forwarded port. That's what you meant, right, Robert?
> > > >
> > >
> > > Exactly. Tunneling the Display through the tunnel. Can OpenSSH
> > > do this?
> > >
> > > Robert
> > >
> > > :wq!
> > > ---------------------------------------------------------------------------
> > > Robert L. Harris | Micros~1 :
> > > Senior System Engineer | For when quality, reliability
> > > at RnD Consulting | and security just aren't
> > > \_ that important!
> > > DISCLAIMER:
> > > These are MY OPINIONS ALONE. I speak for no-one else.
> > > FYI:
> > > perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > >
> > > --
> > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > >
> >
> > --
> > ===========================================
> > The harder I work, the luckier I get.
> > Lee Iocca
> > ===========================================
> > Thompson Freeman tfreeman at digichem.net
> >
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
> --
> Until later: Geoffrey esoteric at denali.atlnet.com
>
> Microsoft != Innovation
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
--
===========================================
The harder I work, the luckier I get.
Lee Iocca
===========================================
Thompson Freeman tfreeman at digichem.net
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list