[lug] auto set DISPLAY variable from ssh login?

Bear Giles bgiles at coyotesong.com
Sun Sep 24 21:27:18 MDT 2006


D. Stimits wrote:
> Does anyone know if there is a way to automate setting of DISPLAY 
> based on the remote IP of an ssh text login? And better yet, to do so 
> only for certain IP addresses?

Turn on X11 forwarding. You need it on both server and client, it's 
usually off by default. iirc you'll get ports starting at 7010. (You'll 
have multiple ports if you have multiple X11-forwarded sessions open.)

IMPORTANT: THIS IS A SECURITY RISK ON YOUR CLIENT. You should only use 
it if you're absolutely sure that you can trust the server. I 'own' my 
own virtual server but tend to avoid this since I can't be 100% certain 
there's no malware.

The problem is that X sessions are reversed from what you normally think 
- you're on the SSH client but on the X11 server. A malicious app could 
(with suitable Xauth information) quietly open a session to your desktop 
and capture everything visible in your windows, all keystrokes, etc. 
This will last as long as you have an SSH session open -- it's 
irrelevant if you shut down all of the X11 apps.

This might sound like a "who would bother?" risk, but remember that all 
the attacker needs to do is capture the X11 data stream and replay it on 
their own box -- it would be like they're watching over your shoulder.

Sometimes you want to use X11 forwarding anyway, but I'm always careful 
to close my connection as soon as possible.
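
Added example, not part of the original post: a small Python check that reads a client ssh_config and reports which hosts end up with X11 forwarding enabled, so the setting can be confined to the few servers you trust. The hostnames, sample config and function names are constructed for illustration; Match blocks and Include files are not evaluated.

```python
import fnmatch

# Constructed sample client config; hostnames are placeholders, not from the post.
SAMPLE_CONFIG = """\
Host build.example.org
    ForwardX11 yes
    ForwardX11Trusted yes
Host *.lab.example.org !scratch.lab.example.org
    ForwardX11 yes
Host *
    ForwardX11 no
"""

def host_matches(patterns, host):
    """Host line semantics: a matching negated pattern vetoes, else any positive match wins."""
    matched = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatch.fnmatchcase(host, p[1:]):
                return False
        elif fnmatch.fnmatchcase(host, p):
            matched = True
    return matched

def effective_x11(config_text, host):
    """Return (ForwardX11, ForwardX11Trusted) for host; the first value obtained wins."""
    result = {"forwardx11": None, "forwardx11trusted": None}
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # accept "Key value" and "Key=value"
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # simplification: Match blocks are skipped, not evaluated
        elif active and key in result and result[key] is None and args:
            result[key] = args[0].lower()
    # Upstream OpenSSH defaults are "no" for both; some distributions ship other defaults.
    return (result["forwardx11"] or "no", result["forwardx11trusted"] or "no")

def audit(config_text, hosts):
    """List (host, mode) for hosts with forwarding on; 'trusted' skips X11 SECURITY limits."""
    pairs = [(h, *effective_x11(config_text, h)) for h in hosts]
    return [(h, "trusted" if t == "yes" else "untrusted") for h, f, t in pairs if f == "yes"]
```

On a real machine, `ssh -G hostname` prints the configuration OpenSSH itself resolves for a host and is the authoritative cross-check.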



