[ale] ssh, DISPLAY, X11Forwarding

David Corbin dcorbin at machturtle.com
Mon Sep 1 08:12:56 EDT 2003 

OpenSSH doesn't appear to allow "none", unfortunately.


On Monday 01 September 2003 01:09, Dow Hurst wrote:
> David,
> If you dive into the ssh docs, you should find how you can specify
> certain encryption types in your sshd_config file.  You can select none
> as an encryption method.  This essentially turns off all encryption.
> Now I use the ssh.com version of SSH and have tried this for a
> connection between two machines running within our VPN.  No encryption
> was needed and it did speed things up a bit.  Doing things this way does
> take care of xauth setup nicely since ssh does that for you.  You can
> tell X to use xhost instead of xauth and then do xhost
> remotemachine.yourdomain.org.  Then telnet to the remote machine and
> start your app.  The remote machine has permission for any user or app
> to display on your local machine's display.  Not secure at all but
> useable in a secure environment.  Either way works.  You'll have to dive
> into the X docs or grep out the file that has the xauth or xhost
> authentication setting.
>
> IIRC, you can also specify certain encryption types for particular
> machines in ssh_config and sshd_config.  You'll have to read the man
> pages, I don't remember the specifics.  It may not be possible to do it
> per machine.  I can't remember that.  However, lots of stuff if
> configurable on a per machine or domain basis.   Hope this helps,
> Dow
>
> David Corbin wrote:
> >When I "ssh -X", it correctly sets the DISPLAY to "localhost:10.0", and
> > then relays the all the X stuff.  Works great.  However, I'm thinking in
> > my environment, something better might work.  I'm on a home LAN, so I
> > don't really need to spend CPU cycles to encrypt everything.  Is there an
> > SSH option that says "don't bother encrypting"?
> >
> >As an extension of this, if I start on machine "b", and do "ssh -X a" and
> >there I do "ssh -X b", the path that the X protocol flows through seems
> >"unneccessarily complex".  Is there someone to set things up so this
> > resolves better and more efficiently automatically.

-- 
David Corbin <dcorbin at machturtle.com>

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list