Re: NEWBIE TIP #110 [was Re: suggestion[data in .sig file]]
On Thu, 2002-03-07 at 18:13, Hans Ekbrand wrote:
> On Tue, Mar 05, 2002 at 01:44:40PM -1000, Joseph Dane wrote:
> > >>>>> "Hans" == Hans Ekbrand <hans@sociologi.cjb.net> writes:
> >
> > Hans> This tip is bad. It does not work. The first line makes the
> > Hans> following fail (or, I think, in case of bad security on client
> > Hans> succeed but by-pass the ssh-tunnel).
> >
> > no, it works as expected. if the tip had been
> >
> > client> ssh -X server
> > server> export DISPLAY=client:0.0 # DON'T DO THIS!!!
> > server> netscape&
> >
> > then that would have been bad. but that's not what was in the post.
>
> Since no one else has disputed this post yet, I think it is time to do
> so. I have used X-forwarding over SSH enough to know that you need not
> and you should not set $DISPLAY manually.
>
> I fail to understand why you came up with the example above. No one
> has suggested or commented any such thing.

I wasn't subscribed when the first post came in so I'm exempt. But I
agree completely. Leave out the export DISPLAY.

Doing the above *works* but bypasses any X forwarding ssh sets up for
you and sends the X forwarding directly to the client without
encryption. In fact the default DISPLAY setting on a -X login is
connected to the server itself...

water$ ssh -X root@fire
fire$ export | grep DISPLAY
declare -x DISPLAY="fire:10.0"

The server is set to forward it to itself. X display 10 (port 6010) is
ssh listening for connections so it can forward them. ssh is so clever
it even handles the xauth cookies transparently.

Now ssh -A, now that's powerful!

Crispin
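
An added example, not part of the original message: a shell check that tells an ssh-forwarded DISPLAY such as fire:10.0 apart from one pointed straight at the client, using the display-number-to-port rule described above (display 10 is TCP port 6010). The function name classify_display and its output labels are hypothetical, and the default offset of 10 assumes sshd's X11DisplayOffset has not been changed.

```shell
#!/bin/sh
# Classify an X11 DISPLAY value seen inside an ssh login.
# Usage: classify_display DISPLAY_VALUE SERVER_HOSTNAME [OFFSET]
# OFFSET is the first display number sshd hands out (assumed default: 10).
# The result is a heuristic label, not proof of what is listening.
classify_display() {
    d=$1; server=$2; offset=${3:-10}
    case "$d" in
        *:*) ;;
        *) echo "invalid"; return 0 ;;
    esac
    host=${d%:*}      # text before the last colon, e.g. "fire"
    num=${d##*:}      # text after it, e.g. "10.0"
    num=${num%%.*}    # display number without the screen suffix
    case "$num" in
        ''|*[!0-9]*) echo "invalid"; return 0 ;;
    esac
    port=$((6000 + num))   # X11 over TCP listens on 6000 + display number
    case "$host" in
        ''|unix) echo "local-socket"; return 0 ;;
        localhost|127.0.0.1|::1|"$server"|"${server%%.*}") on_server=1 ;;
        *) on_server=0 ;;
    esac
    if [ "$on_server" -eq 1 ] && [ "$num" -ge "$offset" ]; then
        # Display on the server itself, in the range ssh allocates
        echo "ssh-forwarded port=$port"
    elif [ "$on_server" -eq 1 ]; then
        echo "local-tcp port=$port"
    else
        # Points at another machine: X traffic leaves the ssh tunnel
        echo "direct-cleartext host=$host port=$port"
    fi
}

# Constructed sample values, checked as if logged in on server "fire"
for sample in "fire:10.0" "client:0.0" "localhost:11.0" ":0"; do
    printf '%-16s %s\n' "$sample" "$(classify_display "$sample" fire)"
done
```

Inside a real session it can be called as classify_display "$DISPLAY" "$(hostname)".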