[lug] Newbie X-window questions

Tkil tkil at scrye.com
Wed May 9 14:13:05 MDT 2001


>>>>> "Hugh" == Hugh Brown <hugh at vecna.com> writes:

Hugh> Sitting at mine, want to get an xterm on hers to open on mine

Hugh> Method 1.
Hugh> mine$ ssh hers xterm

Hm.  Graceful.  I tend to run the xterm (rxvt, usually) locally, and
just ssh to the remote host I'm interested in; my perceived response
time seems better.  I only bother with remote X connections for
clients where the graphics are important, e.g. 'xload'.

Hugh> Method 2.
Hugh> mine$ xhost +hers
Hugh> mine$ ssh hers
Hugh> hers$ export DISPLAY=mine:0 #assumes sh/bash/ksh syntax
Hugh> hers$ xterm&

Note that you don't need (and probably don't *want*) to do that xhost
command.  ssh handles the necessary authentication stages.  Likewise,
ssh should set up DISPLAY within the shell running on "hers", and the
export probably won't work as you expect anyway.

Oh, now that I think about it, this *will* work -- but:

1. The xterm won't be encrypted; it will be using X requests straight
   over TCP

2. Any malicious attacker on "hers" can now open a connection to the X
   server running on "mine", with all the security consequences I
   mentioned in the previous e-mail.

So, if you're already using ssh, I don't see any reason not to use
it's x forwarding capabilities.  (Granted, the above will get around
situations where the sshd won't permit X forwarding, but presumably
that's in there for a good reason -- and using a vehemently insecure
workaround doesn't seem like a good solution to me.

t.



More information about the LUG mailing list