Re: SOLVED: Still have no idea of the xhost replacement
Lo, on Monday, January 6, nate did write:
> Abdul Latip said:
>
> > IT WORKS! Thank you very much! May I know for what is
> > "-nolisten tcp" in xserverrc?
>
> sure, glad to help. the nolisten tcp is to prevent the X server
> from listening for connections on TCP ports.

... which is a good thing for security reasons.

> nolisten tcp breaks setups that depend upon exporting the
> display e.g. export DISPLAY=remote.server:0.0

Yes.

> SSH bypasses this by tunneling the connection over the SSH connection
> and (I think) connecting to the X server via sockets instead.

Pretty much, although `sockets' is an overly broad term. In this case,
I believe that the ssh client uses Unix-domain sockets to communicate
with the X server on the local machine. Unix-domain sockets are like
normal TCP/IP sockets, with a couple of exceptions:

- Unlike TCP/IP sockets, their addresses are pathnames, so these
  sockets live in the filesystem. Try /bin/ls -l /tmp/.X11-unix to see
  an example.

- Unix-domain sockets allow connections only to other processes on the
  same machine. This loss of flexibility gets you a speed benefit and
  a much simpler security situation: you don't have to worry about
  connections from arbitrary hosts on the internet.

(For those who don't know what a socket is, read `connection' instead:
it's roughly the same idea.)

Richard
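
An added example, not part of the original message: a small check that lists the Unix-domain sockets under /tmp/.X11-unix and reports whether each display is also reachable over TCP, which is what "-nolisten tcp" is meant to prevent. It assumes the standard X11 convention that display N uses TCP port 6000+N; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Check whether local X displays are also reachable over TCP."""
import os
import re
import socket
import stat

X11_SOCKET_DIR = "/tmp/.X11-unix"  # directory named in the message above
X11_TCP_BASE = 6000                # assumption: display N uses TCP port 6000+N


def local_displays(socket_dir=X11_SOCKET_DIR):
    """Return display numbers that have a Unix-domain socket X<N> in socket_dir."""
    found = []
    try:
        names = os.listdir(socket_dir)
    except FileNotFoundError:
        return found
    for name in names:
        match = re.fullmatch(r"X(\d+)", name)
        # Only count real sockets, not stray files that happen to be named X<N>.
        if match and stat.S_ISSOCK(os.stat(os.path.join(socket_dir, name)).st_mode):
            found.append(int(match.group(1)))
    return sorted(found)


def tcp_open(port, host="127.0.0.1", timeout=0.5):
    """True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.settimeout(timeout)
        return probe.connect_ex((host, port)) == 0


def audit(socket_dir=X11_SOCKET_DIR, base_port=X11_TCP_BASE):
    """Map each local display number to True if its TCP port is also open."""
    return {n: tcp_open(base_port + n) for n in local_displays(socket_dir)}


if __name__ == "__main__":
    for display, exposed in audit().items():
        state = "ALSO listening on TCP" if exposed else "Unix-domain socket only"
        print(f":{display}  port {X11_TCP_BASE + display}  {state}")
```

An open port only shows that some process accepts connections there; confirm it is the X server before drawing conclusions.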