On Thu, 21 Sep 2000, Jose Luis Tinoco wrote:
We have here a server and a couple of X-terminals connected to it (X over ip). Is it somehow possible for a regular user to set a sniffer or something similar (as user of the server on the server) so that he/she can "see" the whole X-session another ones who sits at a terminal?
As far as I know (which is not very far ;-) it should not be possible to snoop a X session only with user access on the server as long as X authorisation with cookies is used. If users from the server or from other machines can see the X protocol traffic on the wire there is no security with plain X protocol.
Should I consider tunneling all X-sessions through ssh, or is this unnecessary?
Generally this is desirable in the interest of security but your X terminals have to support it or they have to be on a separate segment with a machine doing SSH tunneling to the server (sort of VPN). Robert -- Robert Casties --------------------- http://philoscience.unibe.ch/~casties History & Philosophy of Science Tel: +41/31/631-8505 Room: 216 Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern Uni Bern (PGP key on homepage: D7 2B DE 64 2D 65 16 A0)