
Re: 2nd question of the day: Xsecurity



Hello Chris,

...
> like very secure access for any work I have to do on it.  I'd like to 
> use Emacs from within X on my home machine when I do have to 
> telnet in for work but I'm getting a refusal to give Emacs X client 
> access to the server on the remote machine (if I've got the 
> server/client naming the right way round). 

I'm not sure I understand here... I assume what you want is to run an X
program at work, to be displayed at home:

I use ssh rather than telnet, which has an in-built option for that, including
encrypting the X data. I'd suggest using that. To turn it on, you simply put
"ForwardX11 yes" into the appropriate section of your .ssh/config file (it
sets up the DISPLAY variable for you and everything).

I've only used it once or twice, though, because I haven't found an X server
for a SiS 5598 chip yet :-(

To skip the encryption, you'd need to set the DISPLAY variable on your work
machine to point to your home machine, and either copy over the Xauthority
(perhaps using xauth) or xhost +<work machine>. Either of those is likely to
be a security hole, the latter more so.

> 1) The remote machine isn't running X at the time, do I need to 
> leave it with X running or can I assume it will launch it?

Neither - you only need X on the machine that'll be displaying the program.

> 2) How do I set security in X so as to minimise any possible holes but 
> to give me this access?

Probably ssh will give you the best, but I'm no security expert.

At home, you should use the Xauthority file thingy. Magic cookies.

> I have looked through the documentation 
> but can't see anything pertinent.  A man page suggests there is 
> another on "Xsecurity" and the Xhost man page suggests _that_ 
> isn't what I need.  Please will someone point me at the right 
> documentation?

In hamm (Debian 2.0), the Xsecurity page is in the package "xmanpages".

If you get a new .Xauthority in your home directory each time you start X, and
xhost doesn't allow anyone in, then I think it's set up OK (it must be,
otherwise it wouldn't let you in at all).


HTH

Jiri <jiri@baum.com.au>
--
"... PERL ... incredibly primitive." --VinodV, 'Halloween II' memo.
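
The closing check in the message above (xhost lets no one in, so the .Xauthority cookie is the only way in) can be scripted. This is an added example, not part of the original message; the function names, the sample xhost output and the host name work.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).

# audit_xhost: read the output of `xhost` (run with no arguments) on stdin.
# Prints one finding per line; returns 0 only when the magic cookie in
# .Xauthority is the sole way in, 1 when any host-based access is open.
audit_xhost() {
    status=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "FAIL: access control disabled (xhost +): any host may connect"
                status=1 ;;
            "access control enabled"*)
                echo "OK: access control enabled" ;;
            "") ;;
            SI:localuser:*)
                echo "NOTE: local user allowed without a cookie: ${line#SI:localuser:}" ;;
            *)
                echo "FAIL: host-based entry bypasses the cookie: $line"
                status=1 ;;
        esac
    done
    return "$status"
}

# xauthority_private: true if the cookie file exists and neither group nor
# others have any permission bits on it (e.g. mode 0600).
xauthority_private() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed sample: what xhost prints after "xhost +work.example.com"
# (work.example.com is a placeholder host name).
sample='access control enabled, only authorized clients can connect
INET:work.example.com'
printf '%s\n' "$sample" | audit_xhost || echo "verdict: not cookie-only"
```

On a live X session, run `xhost | audit_xhost` and `xauthority_private "$HOME/.Xauthority"` on the machine whose display is being used.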