
Re: Forwarding X apps



on Fri, Oct 05, 2001 at 10:01:59PM -0400, Kyle Girard (kgirard@chat.carleton.ca) wrote:
> What does one have to do to enable X apps to be forwarded to my machine?
> 
> For two machines named debian and firewall respectively, I want to
> forward a display from firewall to debian
> 
> on debian:
> 
> xhost + firewall

NEVER, EVER, USE XHOST AUTHENTICATION TO APPROVE REMOTE CONNECTIONS.

There are few absolutes; this is one of them.  xhost is an obsolete,
insecure, spoofable authentication protocol.

> on firewall
> 
>     $ export DISPLAY=debian:0
> 
> I try and run any program and I get 'cannot open DISPLAY'

Recent Debian releases don't let X listen for remote TCP/IP connections.

> so my first thought was that I didn't have the correct ports open... so
> I did an nmap localhost and sure enough
> 
> Port       State       Service
> 21/tcp     open        ftp                     
> 22/tcp     open        ssh                     
> 515/tcp    open        printer 

This is a good default.  You might also open port 80 if you want to
serve webpages locally.

> are the only ports open on my machine, I uncommented the x11 services
> from my /etc/services restarted xinetd... I didn't think it would work
> but it felt good to try...

Be afraid, be very afraid.  Close those puppies up again.

The proper method is to use SSH tunnels, as posted previously.  You'll
have to check your sshd allows X11 forwarding (/etc/ssh/sshd_config).
Then:

    $ ssh -C -X remotehost

If you want to launch a process and 'background' ssh:

    $ ssh -f -C -X remotehost

You may also want to pick a lightweight default cipher; Blowfish is
considerably faster than 3DES.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?              Home of the brave
  http://gestalt-system.sourceforge.net/                    Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA!  http://www.freesklyarov.org
Geek for Hire                      http://kmself.home.netcom.com/resume.html
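
As an added example (not part of the post above, and not code from any project), this script audits the two things the reply turns on: whether the global section of an sshd_config-style file enables X11Forwarding, and whether `xhost` output shows host-based grants. The function names and the sample inputs are constructed for illustration; it assumes the OpenSSH default of `no` when X11Forwarding is unset.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two settings the
# reply is about. Sample inputs below are constructed.

# Effective global X11Forwarding value from an sshd_config-style file.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and OpenSSH defaults X11Forwarding to "no".
x11_forwarding_state() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                 # global section ends here
        key == "x11forwarding" { val = tolower($2); exit }
        END { print (val == "" ? "no" : val) }
    ' "$1"
}

# Read `xhost` output on stdin and report host-based access grants.
xhost_findings() {
    awk '
        /^access control disabled/ { print "open-to-all" }
        /^INET6?:/                 { print "host-entry " $0 }
    '
}

# Constructed sample data, so the script runs without sshd or an X server.
sample_sshd_config() {
    printf '%s\n' '# constructed sample' 'Port 22' \
        '#X11Forwarding yes' 'x11forwarding YES' 'X11Forwarding no' \
        'Match User guest' '    X11Forwarding no'
}
sample_xhost_output() {
    printf '%s\n' 'access control enabled, only authorized clients can connect' \
        'INET:firewall' 'SI:localuser:kyle'
}

tmp=$(mktemp) && sample_sshd_config > "$tmp"
echo "X11Forwarding (global): $(x11_forwarding_state "$tmp")"
sample_xhost_output | xhost_findings
rm -f "$tmp"
```

On a real host, pass `/etc/ssh/sshd_config` to `x11_forwarding_state` and pipe the output of `xhost` into `xhost_findings`; any `host-entry` or `open-to-all` line is a grant to remove.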
