[ale] Remote X (is a secure Full X session possible?)

John Wells jb at sourceillustrated.com
Fri Aug 30 00:03:26 EDT 2002


Mike,

I'm sure there's a better way, but I've done this by starting an xterm
over ssh and then running gnome-session from the xterm.

John


On Thu, 2002-08-29 at 22:54, Mike Panetta wrote:
> Does anyone know how to do something like this, but instead of
> forwarding just a single xterm over ssh, forward an entire 'X -query
> [servername]' type session over ssh?  I would like to figure out how to
> do a secure remote X session (ala XDM or rather GDM) via ssh or some
> other secure means.
> 
> Thanks,
> Mike
> 
> On Thu, 2002-08-29 at 06:46, Michael Kachline ext 2848 wrote:
> > 
> > > The first step to me, is to get remote (Desktop) X clients to run on my 
> > > Laptop X server.  I'm having problems.
> > > 
> > > 1) login to Laptop
> > > 2) xhost +Desktop
> > > 3) ssh Desktop
> > > 4) export DISPLAY=Laptop:0.0
> > > 5) xterm &
> > 
> > 	This sounds right and not right. When you ssh to a host, the ssh 
> > client will typically set up a phony DISPLAY on the remote machine. If you 
> > want to ssh to the remote box, then it should be as simple as:
> > 
> > Laptop$ ssh desktop
> > Desktop$ xterm &
> > 
> > ... If, when you ssh to dekstop, ssh issues a message to the tune of 
> > "disabling remote forwarding", then edit your .ssh/known_hosts file, and 
> > remove the key for "Desktop". SSH in again (this will pick up a new host 
> > key for desktop). Once your ssh client sees the proper host key for the 
> > host which you are connecting to, it will then allow for the above process 
> > to work (Given you haven't disabled X forwarding in your /etc/ssh_config 
> > or /etc/sshd_config).
> > 
> > 
> > If you want to use the tried and true (and insecure) "xhost" method, then:
> > 
> > Laptop$ xhost +Desktop
> > Laptop$ telnet Desktop
> > Desktop$ export DISPLAY="Laptop:0.0"
> > Desktop$ xterm &
> > 
> > 
> > 	I've been down the xauth road and do not remember fond memories of 
> > it. It was a difficult process which was thankfully superceded by ssh. I 
> > would consider it a very last resort if you cannnot get one of the above 
> > two methods to work.
> > 
> > 
> > 							- Mike
> > --------------------------------------------------------------------
> >  Michael Kachline
> >  Systems Programmer
> > 
> >  Intec Telecom Systems
> >  Building G, 4th Floor                      
> >  5775 Peachtree-Dunwoody Road            
> >  Atlanta, GA  30342
> > --------------------------------------------------------------------
> > 
> > 
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> > sent to listmaster at ale dot org.
> > 
> 
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list