[ale] openssh and $DISPLAY

Joe Knapka jknapka at earthlink.net
Sun Aug 13 03:04:19 EDT 2000


Robert,

It works for me, using OpenSSH 2.1.1. I had to:

* Set "ForwardX11 yes" in sshd_config on the server.
* killall -HUP sshd
* Ensure that my .profile on the server was not explicitly
  setting the DISPLAY variable.
* Give the -X option to ssh on the client side, OR set
  "ForwardX11 yes" in ssh_config (note: no "d") on the
  client.

-- Joe

"Robert L. Harris" wrote:
> 
> This does seem to work with openssh.  I can alias this.  Is there such
> an option for the config file?  I have "ForwardX11 yes" in my config file,
> but it gives an error when I try to ssh then.
> 
> Robert
> 
> Thus spake joshy (joshy at mindspring.com):
> 
> > I seem to recall using the -X option to turn it on. All of the X
> > connections are tunneled through ssh and the actual connection to the X
> > server is made from the local machine. This has the added benefit of
> > working transparently through firewalls. no special port configuration
> > required. I have a firewall at home and one at work. To get to my work
> > machine have to ssh to an outside machine at work, then ssh a second time
> > to my workstation. Since ssh does all of the tunneling for me I can get
> > two machines without public ips to find and talk to eachother. of course
> > my packets were being encrypted twice, but that's the price ya gotta pay
> > for such flexibility.
> >
> >
> > - joshy
> >
> > On Sat, Aug 12, 2000 at 09:51:14PM -0600, Robert L. Harris wrote:
> > >
> > >
> > > No it's not.
> > >
> > > With commercial ssh, sshd and the client set the $DISPLAY and then  "tunnels"
> > > the X through the ssh connection.  This is what I'm looking for.
> > >
> > >
> > > Thus spake Tomas (tomas at kahuna.clayton.edu):
> > >
> > > > I use ssh to log in and then I use xhost at my machine and set the display
> > > >  manualy at the server (actually via a script).  So does that mean the info
> > > >  being sent to me is encrypted or not, and if not then is there away to have encrypted X!! networking?
> > > >
> > > > Tomas
> > > >
> > > >
> > > >
> > > >
> > > > On Sat, Aug 12, 2000 at 11:30:28PM -0400, Thompson Freeman wrote:
> > > > >
> > > > > Unless I'm sadly mistaken, I'm using openssh under RH6.2, and the DISPLAY
> > > > > variable gets set very nicely.
> > > > >
> > > > > On Sat, 12 Aug 2000, Robert L. Harris wrote:
> > > > >
> > > > > > Thus spake Joe Knapka (jknapka at earthlink.net):
> > > > > >
> > > > > > > Wandered Inn wrote:
> > > > > > > >
> > > > > > > > "Robert L. Harris" wrote:
> > > > > > > > >
> > > > > > > > > A number of things like xv, xterm, and very rarely netscape.
> > > > > > > >
> > > > > > > > Here's my call to nxterm from my primary machine (denali) to my work
> > > > > > > > machine (lhotse):
> > > > > > > >
> > > > > > > > ssh -l gamyers gamyers /usr/X11R6/bin/nxterm -ls -sb -sl 200 -si -sk -bg
> > > > > > > > DarkSlateGray -fg OldLace -T lhotse -n lhotse -display denali:0
> > > > > > >
> > > > > > > The problem with this is that, while the initial command to start the
> > > > > > > nxterm will be encrypted by ssh, the X packets between lhotse and
> > > > > > > denali will not, and thus are open to sniffing.
> > > > > > >
> > > > > > > SSH provides an automatic mechanism to securely forward an X
> > > > > > > session between the server and the client; older versions of
> > > > > > > SSH automatically set the DISPLAY variable to point to the
> > > > > > > forwarded port. That's what you meant, right, Robert?
> > > > > > >
> > > > > >
> > > > > > Exactly.  Tunneling the Display through the tunnel.  Can OpenSSH
> > > > > > do this?
> > > > > >
> > > > > > Robert
> > > > > >
> > > > > > :wq!
> > > > > > ---------------------------------------------------------------------------
> > > > > > Robert L. Harris                |  Micros~1 :
> > > > > > Senior System Engineer          |    For when quality, reliability
> > > > > >   at RnD Consulting             |      and security just aren't
> > > > > >                                 \_       that important!
> > > > > > DISCLAIMER:
> > > > > >       These are MY OPINIONS ALONE.  I speak for no-one else.
> > > > > > FYI:
> > > > > >  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > > > > >
> > > > > > --
> > > > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > > > > >
> > > > >
> > > > > --
> > > > > ===========================================
> > > > > The harder I work, the luckier I get.
> > > > >                     Lee Iocca
> > > > > ===========================================
> > > > > Thompson Freeman          tfreeman at digichem.net
> > > > >
> > > > > --
> > > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > > > --
> > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > >
> > >
> > >
> > > :wq!
> > > ---------------------------------------------------------------------------
> > > Robert L. Harris                |  Micros~1 :
> > > Senior System Engineer          |    For when quality, reliability
> > >   at RnD Consulting             |      and security just aren't
> > >                                 \_       that important!
> > > DISCLAIMER:
> > >       These are MY OPINIONS ALONE.  I speak for no-one else.
> > > FYI:
> > >  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > >
> > > --
> > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> >
> > --
> > Then in the end the love you take
> >     is equal to the love you make
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> 
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                |  Micros~1 :
> Senior System Engineer          |    For when quality, reliability
>   at RnD Consulting             |      and security just aren't
>                                 \_       that important!
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

-- 
*** Joseph Knapka ***
In any formula, constants (especially those obtained from handbooks)
are to be treated as variables.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list