a ssh x11 problem

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Mon Jan 24 16:11:47 UTC 2005 

heir pingy, 
what was the password again?

-----Original Message-----
From: Le grand pinguin [mailto:rm at mh-freiburg.de]
Sent: Friday, January 21, 2005 3:26 AM
To: Hudson Delbert J Contr 61 CS/SCBN
Cc: Kyle Gordon; ubuntu-users at lists.ubuntu.com
Subject: Re: a ssh x11 problem


On Thu, Jan 20, 2005 at 12:35:59PM -0800, Hudson Delbert J Contr 61 CS/SCBN wrote:
> is it absolutely neccesary to forward X.

Is this a question? 

> i never do so
> as any machine i can access via ssh doesnt require X
> and i would never do it on some one else's system w/out
> permission. its not a harmless connection as the opens the 
> for all sorts of keyloggers, addy and connection hijacking
> ip stack coding violations and corruption by java and others
> like it.

? Please what? X-Forwarding will just forward X request from programs 
_you_ start on the remote machine to your local X server (and your server
needs to acccept these requests). Where would an intruder intercept?
On the remote side the intruder would need to intercept the network stream
going from the application to the 'lo' inbterface - meaning having access
to the kernel - if that's the case there are other things to worry :-)
The traffic will be encrypted over the wire so there's no need to even 
discuss this. On the local side ... well, same situation as on the remote
side. Iff your X-authority works than an intruder needs to have full
root access and iff he/she has that ....

> its not clever it dangerous if we are talking an enterprise.

? Babelfish left me on this one.

> i cant think of a single firm of any size that would allow this type
> shenanigans.

I know at least three :-) Log in from home and work with your X applications.
That's exactly what X is for, or? Network transparent access to graphic
applications.

 Just my 0.03 $

    Ralf Mattes

> 
> -----Original Message-----
> From: ubuntu-users-bounces at lists.ubuntu.com
> [mailto:ubuntu-users-bounces at lists.ubuntu.com]On Behalf Of Kyle Gordon
> Sent: Friday, October 08, 2004 7:16 AM
> To: ubuntu-users at lists.ubuntu.com
> Subject: Re: a ssh x11 problem
> 
> 
> Hi,
> 
> ssh should really be setting the DISPLAY variable for you. To set this up,
> check the following items.
> 
> /etc/ssh/sshd_config on the remote computer should have the following line
> present in it somewhere
> 
> X11Forwarding yes
> 
> If not, then enter the line in and then run the following command as root to
> restart your ssh server (don't worry, it won't kill your running
> connection)
> /etc/init.d/ssh restart
> 
> Next, on your local machine, edit ~/.ssh/config, and make sure it has the
> following lines present in it as well.
> 
> ForwardX11 yes
> Compression yes
> 
> The ForwardX11 variable informs ssh to always set up X forwarding. You can
> skip this if you like, and just use the -X flag when connecting to a remote
> machine ie ssh -X username at remote.machine.com, when you want to forward X.
> 
> So, that should have you all up and running. If it's another Ubuntu or
> X-based machine that your ssh-ing to, then it all should work. You can
> check to see if it's worked by running 'echo $DISPLAY' and it should
> respond with something like "localhost:11.0" If it doesn't, then it's
> usually because xbase-clients isn't installed on the remote machine (maybe
> because it's a server or for some other valid reason)
> 
> Hope this help, let us know how you get on.
> 
> Regards
> Kyle
> 
> 
> 
> hernandez nestor wrote:
> 
> > salutations guys
> > I want to make a remote connection to another server
> > and use mine as terminal X,
> > but after doing the next:
> > -------
> > ssh nesthor at labci3
> > pass...
> > setenv DISPLAY myIP:0.0
> > xfig &
> > ------
> > the next message that appears is
> > can't open display myIP:0.0
> > 
> > first of all I typed on another terminal
> > xhost labci3
> > 
> > I don't have any ideas, anything you think it can work
> > please tell me
> > 
> > 
> > 
> > 
> > 
> > __________________________________
> > Do you Yahoo!?
> > Read only the mail you want - Yahoo! Mail SpamGuard.
> > http://promotions.yahoo.com/new_mail
> 
> 
> 
> -- 
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> 
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users

More information about the ubuntu-users mailing list