Re: x-forwarding with ssh
- To: firstname.lastname@example.org
- Subject: Re: x-forwarding with ssh
- From: David Z Maze <email@example.com>
- Date: Fri, 01 Mar 2002 01:13:48 -0500
- Message-id: <firstname.lastname@example.org>
- In-reply-to: <3C7EEE60.2FD29A3E@adelaide.edu.au> (Tom Cook's message of "Fri, 01 Mar 2002 13:28:40 +1030")
- References: <20020228233826.GA17498@highgate.hn.org> <3C7EEE60.2FD29A3E@adelaide.edu.au>

Tom Cook <email@example.com> writes:
> It doesn't sound like a problem with ssh to me, it sounds like you
> haven't set the DISPLAY variable correctly, and therefore probably
> haven't run xhost either.

If ssh X forwarding is enabled, the sshd on the remote end should
automatically set a correct (and "magic") DISPLAY variable for you.
You don't need to set it manually. It's worth noting that Debian's
default is to disallow X forwarding, but this can be enabled on a
per-host basis for trusted machines in /etc/ssh/ssh_config or

> desk.host: # xhost +remove.host.domain.com

You basically never ever want to use xhost. There are two big risks.
One is that you accidentally type "xhost + remote" and open yourself
up to the world. The other is that an attacker can relatively easily
pretend to have the remote host's IP address, and there's no other
security. A further complication is that, because of the security
implications of unencrypted X traffic, the default setting for the X
server in woody and sid is to ignore TCP-based network traffic.

> desk.host: # ssh -X remote.host.domain.com -l myaccount
> firstname.lastname@example.org's password: ********
> remote.host: # export DISPLAY=desk.host:0.0

Again, you don't want to do this; (a) it probably won't work (see
above), (b) ssh should give you a correct DISPLAY already, and (c) you
have a perfectly good X channel over an encrypted ssh tunnel, and this
setting tells X to ignore the tunnel and use a direct unencrypted
network connection instead. Poor.

> remote.host: # xterm &

...should Just Work. :-)

David Maze email@example.com http://people.debian.org/~dmaze/
"Theoretical politics is interesting. Politicking should be illegal."
-- Abra Mitchell
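
Added example, not part of the original message: a small shell check for the two situations discussed above, a DISPLAY that bypasses the ssh tunnel and access granted through xhost. It assumes current OpenSSH defaults (X11DisplayOffset 10, X11UseLocalhost yes) and the usual output of xhost run with no arguments; the function names and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Heuristic only: assumes
# sshd defaults X11DisplayOffset=10 and X11UseLocalhost=yes.

# classify_display VALUE
# Prints: unset | invalid | local | ssh-forwarded | direct-tcp
classify_display() {
    d=$1
    [ -n "$d" ] || { echo unset; return; }
    host=${d%:*}        # text before the last colon
    num=${d##*:}        # display[.screen] after the last colon
    num=${num%%.*}      # drop the screen number
    case $num in ''|*[!0-9]*) echo invalid; return ;; esac
    case $host in
        ''|unix) echo local ;;                 # local Unix-domain socket
        localhost|127.0.0.1|::1)
            # sshd hands out proxy displays starting at :10 on loopback
            if [ "$num" -ge 10 ]; then echo ssh-forwarded
            else echo direct-tcp; fi ;;
        *) echo direct-tcp ;;                  # unencrypted X over the network
    esac
}

# audit_xhost: reads the output of `xhost` on stdin, one finding per line.
#   open-to-all      access control is off ("xhost +")
#   ip-trusted:HOST  HOST is trusted purely by network address
audit_xhost() {
    while IFS= read -r line; do
        case $line in
            'access control disabled'*) echo "open-to-all" ;;
            INET:*|INET6:*) echo "ip-trusted:${line#*:}" ;;
        esac
    done
}

# Constructed sample values, not taken from a real session.
for d in "localhost:10.0" "desk.host:0.0" ":0"; do
    printf '%-16s %s\n' "$d" "$(classify_display "$d")"
done
printf '%s\n' \
    'access control disabled, clients can connect from any host' \
    'INET:remote.host.domain.com' | audit_xhost
```

On a real session the same functions would be called as `classify_display "$DISPLAY"` on the remote host and `xhost | audit_xhost` on the desktop.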