[ale] openssh and $DISPLAY

Robert L. Harris Robert.L.Harris at rnd-consulting.com
Sat Aug 12 23:51:14 EDT 2000 



No it's not.

With commercial ssh, sshd and the client set the $DISPLAY and then  "tunnels" 
the X through the ssh connection.  This is what I'm looking for.


Thus spake Tomas (tomas at kahuna.clayton.edu):

> I use ssh to log in and then I use xhost at my machine and set the display
>  manualy at the server (actually via a script).  So does that mean the info
>  being sent to me is encrypted or not, and if not then is there away to have encrypted X!! networking?
> 
> Tomas
> 
> 
> 
> 
> On Sat, Aug 12, 2000 at 11:30:28PM -0400, Thompson Freeman wrote:
> > 
> > Unless I'm sadly mistaken, I'm using openssh under RH6.2, and the DISPLAY
> > variable gets set very nicely.
> > 
> > On Sat, 12 Aug 2000, Robert L. Harris wrote:
> > 
> > > Thus spake Joe Knapka (jknapka at earthlink.net):
> > > 
> > > > Wandered Inn wrote:
> > > > > 
> > > > > "Robert L. Harris" wrote:
> > > > > >
> > > > > > A number of things like xv, xterm, and very rarely netscape.
> > > > > 
> > > > > Here's my call to nxterm from my primary machine (denali) to my work
> > > > > machine (lhotse):
> > > > > 
> > > > > ssh -l gamyers gamyers /usr/X11R6/bin/nxterm -ls -sb -sl 200 -si -sk -bg
> > > > > DarkSlateGray -fg OldLace -T lhotse -n lhotse -display denali:0
> > > > 
> > > > The problem with this is that, while the initial command to start the
> > > > nxterm will be encrypted by ssh, the X packets between lhotse and
> > > > denali will not, and thus are open to sniffing.
> > > > 
> > > > SSH provides an automatic mechanism to securely forward an X
> > > > session between the server and the client; older versions of
> > > > SSH automatically set the DISPLAY variable to point to the
> > > > forwarded port. That's what you meant, right, Robert?
> > > > 
> > > 
> > > Exactly.  Tunneling the Display through the tunnel.  Can OpenSSH 
> > > do this?
> > > 
> > > Robert
> > > 
> > > :wq!
> > > ---------------------------------------------------------------------------
> > > Robert L. Harris                |  Micros~1 :  
> > > Senior System Engineer          |    For when quality, reliability 
> > >   at RnD Consulting             |      and security just aren't
> > >                                 \_       that important!
> > > DISCLAIMER:
> > >       These are MY OPINIONS ALONE.  I speak for no-one else.
> > > FYI:
> > >  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > > 
> > > --
> > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > > 
> > 
> > -- 
> > ===========================================
> > The harder I work, the luckier I get.
> >                     Lee Iocca
> > ===========================================
> > Thompson Freeman          tfreeman at digichem.net
> > 
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.



:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list