Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

To: debian-user@lists.debian.org
Subject: Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
From: Lucas Castro <lucas@gnuabordo.com.br>
Date: Tue, 29 Jun 2021 15:59:57 -0300
Message-id: <[🔎] 6E42D96E-88F7-4159-8B6B-B4A3881BC0F9@gnuabordo.com.br>
In-reply-to: <[🔎] YNttaXzpL37egKcS@einval.com>
References: <[🔎] YNiNINUugExte2Vc@wooledge.org> <[🔎] fa9af46f-db1b-fc2f-c5e9-85b1a3f403e9@sdi-baja.com> <[🔎] b9063637-e003-4416-9753-55893f350eff@www.fastmail.com> <[🔎] 6675a829-b60f-0075-8f5b-ce569af81e3d@polynamaude.com> <[🔎] CAHv=rM1F_xyNSzKKpB=Mfsi-5GZC_=jY+2-rAWFVuxXr7ie4TA@mail.gmail.com> <[🔎] 36794266-e783-ad4b-00f9-6643e030243a@polynamaude.com> <[🔎] YNtLbvQ278mmLKUH@einval.com> <YNtX/XfxW3UPsigQ@wooledge.org> <[🔎] 766b787b-7c4d-b1b7-ebd9-2bf3e44a91e9@polynamaude.com> <[🔎] YNtp0CHozRDxb9os@wooledge.org> <[🔎] YNttaXzpL37egKcS@einval.com>

Jesus h

Em 29 de junho de 2021 15:58:49 BRT, "Andrew M.A. Cater" <amacater@einval.com> escreveu:

On Tue, Jun 29, 2021 at 02:43:28PM -0400, Greg Wooledge wrote:
On 2021-06-29 1:27 p.m., Greg Wooledge wrote:
On Tue, Jun 29, 2021 at 04:33:50PM +0000, Andrew M.A. Cater wrote:
ssh -Y is similar to ssh -X but does some authentication - yuu don't have
to use xhost+ or similar.

You don't use xhost with ssh -X, either.  At least, not explicitly.
ssh takes care of that for you.

In fact, on Debian, ssh -X and ssh -Y do exactly the same thing, due
to changes that Debian made.  This is documented in the ssh(1) man page.

If you've been using "xhost +" together with "ssh -X", you've been doing
it wrong (and *dramatically* destroying all your network security) all
along.

On Tue, Jun 29, 2021 at 02:05:18PM -0400, Polyna-Maude Racicot-Summerside wrote:
What I stated was pretty simple :

That was the fucking point.


Greg: If it helps, I get that - and have always got it. I hadn't appreciated
that - for Debian - ssh -X and ssh -Y are essentially identical. Thanks
for the pointer.

Sorry to have created any confusion.

It's _nearly_ July 1st. Tomorrow sometime I'll be getting round to reposting
the debian-user mailing list FAQ. Please, no rude words, especially the f-ing
word? As frustrating as any of us can be, it doesn't add merit to argument.
Email is already hard enugh to understand and appreciate: there are folk
here where English is a non-native language and swear words don't help
carry meaning.


All the very best to you both - and everybody reading and using this list
and it's archives.

Andy Cater


Now, if you want to advocate that people should use xhost + because
that's how you learned things back in the early 1990s, that's your right,
but I hope you will at least point out how INCREDIBLY INSECURE this is,
and that it should only be done on an isolated private network, and only
for educational purposes, never for actual work.

Even then, you wouldn't combine it with ssh -X.  xhost + and manually
overriding DISPLAY bypasses the ssh encryption layer entirely.  It also
involves starting the X server with a non-default option, so it's quite
a lot more work than using ssh -X.  Which is good.  We wouldn't want the
horribly broken way to be the easy way.

--
Enviado de meu dispositivo Android com K-9 mail. Desculpe-me pela brevidade.

Reply to:

References:
- Re: Wanted: a special purpose Debian installer
  - From: Greg Wooledge <greg@wooledge.org>
- Re: Wanted: a special purpose Debian installer
  - From: Peter Ehlert <pb21a@sdi-baja.com>
- X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: "Rick Thomas" <rick.thomas@pobox.com>
- Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: Polyna-Maude Racicot-Summerside <debian@polynamaude.com>
- Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: IL Ka <kazakevichilya@gmail.com>
- Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: Polyna-Maude Racicot-Summerside <debian@polynamaude.com>
- Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: "Andrew M.A. Cater" <amacater@einval.com>
- Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: Greg Wooledge <greg@wooledge.org>
- Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: Polyna-Maude Racicot-Summerside <debian@polynamaude.com>
- Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: Greg Wooledge <greg@wooledge.org>
- Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
  - From: "Andrew M.A. Cater" <amacater@einval.com>

Prev by Date: Re: Buster on Win 10 Problems
Next by Date: Re: Bullseye (mostly) not booting on Proliant DL380 G7
Previous by thread: Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
Next by thread: Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]
Index(es):
- Date
- Thread