Re: x-forwarding with ssh
Tom Cook wrote:
> Vineet Kumar wrote:
> > Also, please, please, PLEASE! DON'T do this:
> > local$ ssh remote
> > remote$ export DISPLAY=local:0 # DON'T EVER DO THIS!!!
> > As others have already explained. You might as well be using telnet.
> > This defeats the entire purpose of tunneling. What you'd be doing in
> > this case is telling the remote X client to connect directly to the
> > local X server using the unencrypted X protocol. If the local X server
> > even accepts it (woody and sid have been told not to, by default) all
> > the traffic sent over that connection is in the clear -- might as well
> > just be telnet.
> My apologies for suggesting this earlier - if I had thought about it I
> would have realised it is bad, but obviously I didn't think.
Makes me wonder what this ssh thing is all about.
I believe that once you have to set up the DISPLAY, there's something
wrong with the installation. If I remember correctly, what was needed
was to make sure that the server and the client run the same version;
SSH 1 and 2 are not compatible.
BTW, my /etc/ssh2/ssh2_config, just in case you want to compare things:
# SSH 2.0 Client Configuration File
#PasswordPrompt "%U@%H's password: "
PasswordPrompt "%U's password: "
The following is the server part (/etc/ssh2/sshd2_config):
# SSH 2.0 Server Configuration File
# Ciphers AnyCipher
# Ciphers AnyStdCipher
# Ciphers 3des
# DEPRECATED PasswordAuthentication yes
# MaxConnections 50
# 0 == number of connections not limited
# PermitRootLogin nopwd
# DEPRECATED PubkeyAuthentication yes
# AllowedAuthentications publickey,password,hostbased
# RequiredAuthentications publickey,password
# UserConfigDirectory "/etc/ssh2/auth/%U"
# SyslogFacility LOCAL7
# Sshd1Path <set by configure>
# AllowHosts localhost, foobar.com, friendly.org
# DenyHosts evil.org, aol.com
# AllowSHosts trusted.host.org
# DenySHosts not.quite.trusted.org
# NoDelay yes
# KeepAlive yes
# subsystem definitions
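
Added example, not part of the original thread: a shell function that classifies the DISPLAY value seen in a remote session, to tell an ssh-forwarded display apart from the direct connection warned about above. It assumes the forwarding proxy shows up as localhost:N or <remote-hostname>:N with N >= 10 (the OpenSSH default X11DisplayOffset; other servers may differ). The names classify_display and OFFSET are made up for this example.

```shell
#!/bin/sh
# Added example: classify an X11 DISPLAY value inside a remote ssh session.
# Assumption: a forwarded display is localhost:N or <this-host>:N with
# N >= OFFSET (10 is the OpenSSH default; set OFFSET to match your sshd).
OFFSET=${OFFSET:-10}

# classify_display DISPLAY_VALUE [THIS_HOSTNAME]
# Prints: unset | malformed | local-socket | ssh-forwarded | direct-tcp:PORT
classify_display() {
    d=$1
    self=${2:-$(hostname 2>/dev/null)}
    [ -n "$d" ] || { echo unset; return 0; }
    case $d in
        *:*) ;;
        *) echo malformed; return 0 ;;
    esac
    host=${d%:*}      # text before the last colon
    num=${d##*:}      # display[.screen]
    num=${num%%.*}    # drop the screen number
    case $num in
        ''|*[!0-9]*|0?*) echo malformed; return 0 ;;
    esac
    case $host in
        ''|unix) echo local-socket; return 0 ;;   # Unix socket, no TCP
    esac
    case $host in
        localhost|127.0.0.1|"$self")
            # Proxy displays start at OFFSET; lower numbers are a real X server.
            if [ "$num" -ge "$OFFSET" ]; then
                echo ssh-forwarded; return 0
            fi ;;
    esac
    # Anything else is a plain X11 TCP connection to port 6000+N,
    # outside the ssh tunnel and unencrypted.
    echo "direct-tcp:$((6000 + num))"
}

# Report on the current session when run as a script.
classify_display "${DISPLAY:-}"
```

A result of direct-tcp:PORT in a session that was supposed to use X forwarding means DISPLAY was overridden (for example by a shell startup file) and the X traffic is not going through ssh.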