[ale] ssh, DISPLAY, X11Forwarding

David Corbin dcorbin at machturtle.com
Mon Sep 1 08:16:08 EDT 2003 

Well, not for protocol version 2.  I can step down to protocol version 1 for 
somethings....

On Monday 01 September 2003 08:12, David Corbin wrote:
> OpenSSH doesn't appear to allow "none", unfortunately.
>
> On Monday 01 September 2003 01:09, Dow Hurst wrote:
> > David,
> > If you dive into the ssh docs, you should find how you can specify
> > certain encryption types in your sshd_config file.  You can select none
> > as an encryption method.  This essentially turns off all encryption.
> > Now I use the ssh.com version of SSH and have tried this for a
> > connection between two machines running within our VPN.  No encryption
> > was needed and it did speed things up a bit.  Doing things this way does
> > take care of xauth setup nicely since ssh does that for you.  You can
> > tell X to use xhost instead of xauth and then do xhost
> > remotemachine.yourdomain.org.  Then telnet to the remote machine and
> > start your app.  The remote machine has permission for any user or app
> > to display on your local machine's display.  Not secure at all but
> > useable in a secure environment.  Either way works.  You'll have to dive
> > into the X docs or grep out the file that has the xauth or xhost
> > authentication setting.
> >
> > IIRC, you can also specify certain encryption types for particular
> > machines in ssh_config and sshd_config.  You'll have to read the man
> > pages, I don't remember the specifics.  It may not be possible to do it
> > per machine.  I can't remember that.  However, lots of stuff if
> > configurable on a per machine or domain basis.   Hope this helps,
> > Dow
> >
> > David Corbin wrote:
> > >When I "ssh -X", it correctly sets the DISPLAY to "localhost:10.0", and
> > > then relays the all the X stuff.  Works great.  However, I'm thinking
> > > in my environment, something better might work.  I'm on a home LAN, so
> > > I don't really need to spend CPU cycles to encrypt everything.  Is
> > > there an SSH option that says "don't bother encrypting"?
> > >
> > >As an extension of this, if I start on machine "b", and do "ssh -X a"
> > > and there I do "ssh -X b", the path that the X protocol flows through
> > > seems "unneccessarily complex".  Is there someone to set things up so
> > > this resolves better and more efficiently automatically.

-- 
David Corbin <dcorbin at machturtle.com>

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list