
Re: x-forwarding with ssh



Tom Cook wrote:
Vineet Kumar wrote:
[snip]

Also, please, please, PLEASE! DON'T do this:

local$ ssh remote
remote$ export DISPLAY=local:0 # DON'T EVER DO THIS!!!
remote$ xterm

As others have already explained. You might as well be using telnet.
This defeats the entire purpose of tunneling. What you'd be doing in
this case is telling the remote X client to connect directly to the
local X server using the unencrypted X protocol. If the local X server
even accepts it (woody and sid have been told not to, by default) all
the traffic sent over that connection is in the clear -- might as well
just be telnet.


My apologies for suggesting this earlier - if I had thought about it I
would have realised it is bad, but obviously I didn't think.

Makes me wonder what this ssh thing is all about.
I believe that once you have to set up the DISPLAY, there's something wrong with the installation. If I remember correctly, what was needed was to make sure that the server and the client run the same version; SSH 1 and 2 are not compatible.

BTW, my /etc/ssh2/ssh2_config, just in case you want to compare things:

# ssh2_config
# SSH 2.0 Client Configuration File

*:
        Port                            22
        Ciphers                         AnyStdCipher
        IdentityFile                    identification
        AuthorizationFile               authorization
        RandomSeedFile                  random_seed
        VerboseMode                     no
        #PasswordPrompt                 "%U@%H's password: "
        PasswordPrompt                  "%U's password: "
        #LocalForward                   "110:pop3.ssh.fi:110"
        #RemoteForward                  "3000:foobar:22"
        Ssh1AgentCompatibility          none
        #Ssh1AgentCompatibility         traditional
        #Ssh1AgentCompatibility         ssh2
        #SshSignerPath                  ssh-signer2
        NoDelay                         no
        KeepAlive                       yes

The following is the server part (/etc/ssh2/sshd2_config):
# sshd2_config
# SSH 2.0 Server Configuration File

*:
        Port                            22
        ListenAddress                   0.0.0.0
        Ciphers                         AnyStd
#       Ciphers                         AnyCipher
#       Ciphers                         AnyStdCipher
#       Ciphers                         3des
        IdentityFile                    identification
        AuthorizationFile               authorization
        HostKeyFile                     hostkey
        PublicHostKeyFile               hostkey.pub
        RandomSeedFile                  random_seed
        ForwardAgent                    yes
        ForwardX11                      yes
# DEPRECATED    PasswordAuthentication          yes
        PasswordGuesses                 3
#       MaxConnections                  50
# 0 == number of connections not limited
        MaxConnections                  0
#       PermitRootLogin                 nopwd
        PermitRootLogin                 yes
# DEPRECATED    PubkeyAuthentication            yes
#       AllowedAuthentications          publickey,password,hostbased
        AllowedAuthentications          publickey,password
#       RequiredAuthentications         publickey,password
        ForcePTTYAllocation             no
        VerboseMode                     no
        PrintMotd                       yes
        CheckMail                       yes
        UserConfigDirectory             "%D/.ssh2"
#       UserConfigDirectory             "/etc/ssh2/auth/%U"
        SyslogFacility                  AUTH
#       SyslogFacility                  LOCAL7
        Ssh1Compatibility               yes
#       Sshd1Path                       <set by configure>
#       AllowHosts                      localhost, foobar.com, friendly.org
#       DenyHosts                       evil.org, aol.com
#       AllowSHosts                     trusted.host.org
#       DenySHosts                      not.quite.trusted.org
#       NoDelay                         yes

#       KeepAlive                       yes
        RequireReverseMapping           yes
        UserKnownHosts                  yes

# subsystem definitions

        subsystem-sftp                  sftp-server


Oki
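
Added example (not part of the original messages): a POSIX shell check that tells a DISPLAY set up by ssh X11 forwarding apart from the direct `local:0` setting warned about in the thread. The function names and result labels are made up for this example, and it assumes the ssh daemon hands out proxy displays on loopback from number 10 upward (OpenSSH's default X11DisplayOffset).

```sh
#!/bin/sh
# Classify an X11 DISPLAY value by the transport it implies.
# Labels (cleartext-tcp, ssh-forwarded, ...) are this example's own names.
classify_display() {
    d=$1
    [ -n "$d" ] || { echo unset; return 0; }

    # DISPLAY is [host]:display[.screen]; split on the last colon.
    case $d in
        *:*) ;;
        *) echo malformed; return 0 ;;
    esac
    host=${d%:*}
    num=${d##*:}
    num=${num%%.*}                  # drop the optional .screen suffix
    case $num in
        ''|*[!0-9]*) echo malformed; return 0 ;;
    esac

    case $host in
        ''|unix|/*)
            echo local-socket ;;    # Unix-domain socket, never on the network
        localhost|127.0.0.1|::1|'[::1]')
            # Assumption: sshd's forwarding proxy listens on loopback, display >= 10
            if [ "$num" -ge 10 ]; then echo ssh-forwarded
            else echo loopback-tcp
            fi ;;
        *)
            echo cleartext-tcp ;;   # direct TCP to port 6000+num on that host
    esac
}

# Return non-zero (and warn on stderr) when X clients started from this shell
# would connect straight to an X server over unencrypted TCP.
# Checks $1 if given, otherwise the current $DISPLAY.
check_display() {
    kind=$(classify_display "${1-${DISPLAY-}}")
    case $kind in
        cleartext-tcp)
            echo "DISPLAY=${1-${DISPLAY-}}: direct X11 over TCP, not tunneled by ssh" >&2
            return 1 ;;
    esac
    return 0
}
```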



