
Re: problems with running remote X programs



on Sun, Jun 16, 2002, Osamu Aoki (debian@aokiconsulting.com) wrote:
> On Sat, Jun 15, 2002 at 11:44:33PM -0700, Karsten M. Self wrote:
> > on Fri, Jun 14, 2002, Ron Johnson (ron.l.johnson@cox.net) wrote:
> > > On Fri, 2002-06-14 at 11:11, Ron Johnson wrote:

<...>

> > > > Any ideas?  Colin Watson says to remove '-nolisten tcp' from the
> > > > script that starts the local X.  I'm going to try that now.
> > > 
> > > Progress!!  After removing '-nolisten tcp' from
> > > /etc/X11/xinit/xserverrc
> > 
> > Restore it.  You were given bad advice whose implications you don't
> > understand.
> 
> I do understand the benefit of SSH, but insecure xhost with '-nolisten tcp'
> has an advantage if you are behind a firewall with slow machines.  So do
> not be so harsh, like "You were given bad advice" :)  Colin Watson has
> been good to me, like Karsten M. Self was.
> 
> All the discussion about how to set up a system is really environment
> dependent.

This is true.  However, I see far too many people advocating "xhost +"
and disabling "-nolisten tcp", when the first attempt should be an "ssh
-X".  If this turns out to be too slow for the necessary task (unlikely
for any business/system need), then other options can be explored.  And
again, there are SSH clients (most free) for all significant, and most
insignificant, platforms:

    http://www.linuxmafia.com/pub/linux/security/ssh-clients


Telling people to facilitate remote X11 connections by dropping all
security precautions is like telling someone who's complaining of heat
to strip naked.  Though effective, there are other options which might
be attempted first -- turning on a fan, closing blinds, upping the A/C,
or trading the slacks, button-down, and tie for shorts, T-shirt, and
sandals.  The proper solution depends on circumstances and resources,
but there are some alternatives which should be strongly deprecated.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   KQED FM:  The bright spot on the dial:  http://www.kqed.org/fm/
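
An added example, not part of the original message or thread: a small shell audit of the two settings debated above, the `-nolisten tcp` flag in an xserverrc file and the access-control state reported by `xhost`. The function names, verdict strings and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two settings argued over in this thread.
# Both checks read files, so they work on captured data as well as live.

# check_xserverrc FILE: "ok" if a non-comment line keeps '-nolisten tcp'.
# Assumption: a server that listens on TCP unless told otherwise, as in
# the 2002-era setup discussed here.
check_xserverrc() {
    if grep -v '^[[:space:]]*#' "$1" | grep -Eq -- '-nolisten[[:space:]]+tcp'; then
        echo ok
    else
        echo tcp-listen
    fi
}

# check_xhost FILE: FILE holds the output of `xhost` run with no arguments.
check_xhost() {
    if grep -q '^access control disabled' "$1"; then
        echo open            # the state left behind by "xhost +"
    elif grep -Eq '^INET6?:' "$1"; then
        echo host-based      # whole remote hosts are trusted
    else
        echo restricted
    fi
}

# audit_x11 XSERVERRC XHOST_OUTPUT: one-line verdict for the pair.
audit_x11() {
    rc=$(check_xserverrc "$1")
    acl=$(check_xhost "$2")
    case "$rc/$acl" in
        ok/restricted) echo "PASS: no TCP listener, access control on" ;;
        ok/*)          echo "WARN: xhost is $acl, restore access control" ;;
        */open)        echo "FAIL: TCP listener and xhost +, display is open" ;;
        *)             echo "FAIL: TCP listener on, restore -nolisten tcp" ;;
    esac
}

# Constructed sample data (not taken from the thread).
demo() {
    d=$(mktemp -d)
    printf '# was: -nolisten tcp\nexec /usr/bin/X11/X -dpi 100\n' > "$d/rc"
    printf 'access control disabled, clients can connect from any host\n' > "$d/xhost"
    audit_x11 "$d/rc" "$d/xhost"
    rm -rf "$d"
}
demo
```

On a live machine, save the output of `xhost` to a file and pass it together with /etc/X11/xinit/xserverrc to `audit_x11`.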
