Re: [SLE] export DISPLAY and xhost +

From: Sid Boyce (sboyce_at_blueyonder.co.uk)
Date: 05/26/04

  • Next message: Anders Johansson: "Re: [SLE] export DISPLAY and xhost +"
    Date: Wed, 26 May 2004 00:14:01 +0100
    To: suse-linux-e@suse.com
    
    

    Anders Johansson wrote:

    >On Tuesday 25 May 2004 20.12, Ken Schneider wrote:
    >
    >
    >>>ssh -X
    >>>
    >>>
    >>Use it all the time
    >>
    >>
    >>
    >>>NoMachine's NX
    >>>
    >>>VNC
    >>>
    >>>
    >>Don't consider it as safe as ssh -X
    >>
    >>
    >
    >Forgive me, but I fail to see the problem then. Are you perhaps under the
    >impression that remote X using DISPLAY travels over ssh just because you
    >logged in with ssh -X when you ran it?
    >
    >It doesn't
    >
    >ssh -X will keep working even with -nolisten tcp as an option to X
    >
    >
    >
    "man ssh" gives that impression --------
    X11 and TCP forwarding
    If the ForwardX11 variable is set to “yes” (or see the description of the
    -X and -x options described later) and the user is using X11 (the DISPLAY
    environment variable is set), the connection to the X11 display is
    automatically forwarded to the remote side in such a way that any X11
    programs started from the shell (or command) will go through the encrypted
    =======================
    channel, and the connection to the real X server will be made from the
    =========
    local machine. The user should not manually set DISPLAY. Forwarding of
    X11 connections can be configured on the command line or in configuration
    files.
    -------------------------------------------------------------------------------------------
    Then it says
    ==========
    -X Enables X11 forwarding. This can also be specified on a per-host
    basis in a configuration file.

    X11 forwarding should be enabled with caution. Users with the
    ability to bypass file permissions on the remote host (for the
    user's X authorization database) can access the local X11 display
    through the forwarded connection. An attacker may then be able
    to perform activities such as keystroke monitoring.

    Now I'm a bit puzzled.
    Regards
    Sid.

    -- 
    Sid Boyce .... Hamradio G3VBV and keen Flyer
    Linux Only Shop.
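
Added example, not part of the original message: a shell check that tells which transport a given DISPLAY value implies, which is the distinction the thread turns on (a display set up by ssh -X versus one exported by hand and opened with xhost +). The function names and sample values are constructed here, and the "ssh-forwarded" label is a heuristic that assumes the sshd defaults X11UseLocalhost yes and X11DisplayOffset 10.

```shell
#!/bin/sh
# Classify an X11 DISPLAY string ([host]:display[.screen]) by transport.
# Assumption: sshd defaults, so an ssh -X session appears as localhost:10+.
classify_display() {
    d=$1
    case $d in
        '')  echo unset; return ;;
        *:*) ;;
        *)   echo invalid; return ;;
    esac
    host=${d%:*}        # text before the last colon
    num=${d##*:}        # display[.screen] after the last colon
    num=${num%%.*}      # drop the optional .screen suffix
    case $num in
        ''|*[!0-9]*) echo invalid; return ;;
    esac
    case $host in
        ''|unix)
            echo local-socket ;;            # Unix socket, never on the network
        localhost|127.0.0.1|::1)
            if [ "$num" -ge 10 ]; then echo ssh-forwarded
            else echo loopback-tcp; fi ;;
        *)
            # Direct X11 over TCP to port 6000+display, outside any ssh tunnel
            echo "remote-tcp:$(expr 6000 + "$num")" ;;
    esac
}

# Succeeds when the given `xhost` output shows host-based access control
# switched off, which is the state `xhost +` leaves behind.
xhost_is_open() {
    case $1 in
        *"access control disabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample values, not taken from the thread.
for s in ':0' 'localhost:10.0' 'desktop.example:0.0'; do
    printf '%-22s %s\n' "$s" "$(classify_display "$s")"
done
```

On a live session, pass "$DISPLAY" to classify_display and the output of `xhost` to xhost_is_open.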
    
