Mailinglist Archive: opensuse (4547 mails)

< Previous Next >
Re: [SLE] export DISPLAY and xhost +
  • From: Sid Boyce <sboyce@xxxxxxxxxxxxxxxx>
  • Date: Wed, 26 May 2004 00:14:01 +0100
  • Message-id: <40B3D339.800@xxxxxxxxxxxxxxxx>
Anders Johansson wrote:

On Tuesday 25 May 2004 20.12, Ken Schneider wrote:

ssh -X

Use it all the time


NoMachine's NX

VNC

Don't consider it as safe as ssh -X


Forgive me, but I fail to see the problem then. Are you perhaps under the impression that remote X using DISPLAY travels over ssh just because you logged in with ssh -X when you ran it?

It doesn't

ssh -X will keep working even with -nolisten tcp as an option to X


"man ssh" gives that impression --------
X11 and TCP forwarding
If the ForwardX11 variable is set to “yes” (or see the description of the
-X and -x options described later) and the user is using X11 (the DISPLAY
environment variable is set), the connection to the X11 display is auto­
matically forwarded to the remote side in such a way that any X11 pro­
grams started from the shell (or command) will go through the encrypted
=======================
channel, and the connection to the real X server will be made from the
=========
local machine. The user should not manually set DISPLAY. Forwarding of
X11 connections can be configured on the command line or in configuration
files.
-------------------------------------------------------------------------------------------
Then it says
==========
-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.

Now I'm a bit puzzled.
Regards
Sid.

--
Sid Boyce .... Hamradio G3VBV and keen Flyer
Linux Only Shop.


< Previous Next >