
Re: x-forwarding with ssh



Tom Cook <tom.cook@adelaide.edu.au> writes:
> It doesn't sound like a problem with ssh to me, it sounds like you
> haven't set the DISPLAY variable correctly, and therefore probably
> haven't run xhost either.

If ssh X forwarding is enabled, the sshd on the remote end should
automatically set a correct (and "magic") DISPLAY variable for you.
You don't need to set it manually.  It's worth noting that Debian's
default is to disallow X forwarding, but this can be enabled on a
per-host basis for trusted machines in /etc/ssh/ssh_config or
$HOME/.ssh/config.

> desk.host: # xhost +remove.host.domain.com

You basically never ever want to use xhost.  There are two big risks.
One is that you accidentally type "xhost + remote" and open yourself
up to the world.  The other is that an attacker can relatively easily
pretend to have the remote host's IP address, and there's no other
security.  A further complication is that, because of the security
implications of unencrypted X traffic, the default setting for the X
server in woody and sid is to ignore TCP-based network traffic.

> desk.host: # ssh -X remote.host.domain.com -l myaccount
> myaccount@remote.host.domain.com's password: ********

(Okay.)

> remote.host: # export DISPLAY=desk.host:0.0

Again, you don't want to do this; (a) it probably won't work (see
above), (b) ssh should give you a correct DISPLAY already, and (c) you
have a perfectly good X channel over an encrypted ssh tunnel, and this
setting tells X to ignore the tunnel and use a direct unencrypted
network connection instead.  Poor.

> remote.host: # xterm &

...should Just Work.  :-)

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell
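
The checks discussed in the message above, as an added example that is not part of the original post: a small shell helper that tells whether a DISPLAY value points at the ssh tunnel or at a direct TCP display, and whether `xhost` output shows host-based access. The function names and the `localhost:10`-and-up heuristic (sshd's default `X11UseLocalhost yes` and `X11DisplayOffset 10`) are assumptions, and the sample values are constructed.

```bash
# Added example, not from the original post. Heuristics are assumptions.

# classify_display VALUE -> unset | invalid | local | ssh-tunnel | direct-tcp
classify_display() {
    dsp_val="$1"
    if [ -z "$dsp_val" ]; then echo unset; return; fi
    case "$dsp_val" in
        *:*) ;;
        *) echo invalid; return ;;
    esac
    dsp_host="${dsp_val%:*}"    # text before the last ':' (empty for ":0")
    dsp_num="${dsp_val##*:}"    # "10.0" from "localhost:10.0"
    dsp_num="${dsp_num%%.*}"    # drop the screen suffix -> "10"
    case "$dsp_num" in
        ''|*[!0-9]*) echo invalid; return ;;
    esac
    case "$dsp_host" in
        ''|unix) echo local ;;
        localhost|127.0.0.1)
            # Assumption: sshd defaults (X11UseLocalhost yes,
            # X11DisplayOffset 10) give localhost:10 and upwards.
            if [ "$dsp_num" -ge 10 ]; then echo ssh-tunnel; else echo direct-tcp; fi ;;
        *) echo direct-tcp ;;   # named host: bypasses the encrypted tunnel
    esac
}

# audit_xhost: reads `xhost` output on stdin -> open | host-based | ok
audit_xhost() {
    xh_verdict=ok
    while IFS= read -r xh_line; do
        case "$xh_line" in
            "access control disabled"*) echo open; return ;;  # after "xhost +"
            INET:*|INET6:*) xh_verdict=host-based ;;          # trust by address
        esac
    done
    echo "$xh_verdict"
}

# Constructed sample values, not captured from a real session.
for d in "localhost:10.0" "desk.host:0.0" ":0"; do
    printf '%-16s %s\n' "$d" "$(classify_display "$d")"
done
printf '%s\n' 'access control enabled, only authorized clients can connect' \
    'INET:remote.host.domain.com' | audit_xhost
```

On a real session, call `classify_display "$DISPLAY"` on the remote end and pipe `xhost` into `audit_xhost` on the desktop.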


