Mailinglist Archive: opensuse (4547 mails)

< Previous Next >
Re: [SLE] export DISPLAY and xhost +
  • From: Sid Boyce <sboyce@xxxxxxxxxxxxxxxx>
  • Date: Wed, 26 May 2004 00:14:01 +0100
  • Message-id: <40B3D339.800@xxxxxxxxxxxxxxxx>
Anders Johansson wrote:

On Tuesday 25 May 2004 20.12, Ken Schneider wrote:

ssh -X

Use it all the time

NoMachine's NX


Don't consider it as safe as ssh -X

Forgive me, but I fail to see the problem then. Are you perhaps under the impression that remote X using DISPLAY travels over ssh just because you logged in with ssh -X when you ran it?

It doesn't

ssh -X will keep working even with -nolisten tcp as an option to X

"man ssh" gives that impression --------
X11 and TCP forwarding
If the ForwardX11 variable is set to “yes” (or see the description of the
-X and -x options described later) and the user is using X11 (the DISPLAY
environment variable is set), the connection to the X11 display is auto­
matically forwarded to the remote side in such a way that any X11 pro­
grams started from the shell (or command) will go through the encrypted
channel, and the connection to the real X server will be made from the
local machine. The user should not manually set DISPLAY. Forwarding of
X11 connections can be configured on the command line or in configuration
Then it says
-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.

Now I'm a bit puzzled.

Sid Boyce .... Hamradio G3VBV and keen Flyer
Linux Only Shop.

< Previous Next >