Tunneling X-Sessions through SSH/SSL
Hi people!

Has someone of you ever set up an encrypted X-connection between an xdm and an X-server? What has to be done for it? Could you please lead me to the right info sources?

Thanks in advance,
Anibal
* Anibal Vasquez wrote on Sat, Oct 14, 2000 at 00:05 +0200:
> Has someone of you ever set up an encrypted X-connection between an xdm and an X-server? What has to be done for it? Could you please lead me to the right info sources?

Do you need an encrypted tunnel between xdm and the server or between xdm and the client? I think the latter, ain't?

Without xdm it's easy: just ssh to the server, that's it. SSH sets up X-forwarding automatically, and sets DISPLAY to localhost:<some high free number>, i.e. localhost:10 or so. The ssh takes care of forwarding the connection to the machine that started ssh, and takes care of session cookies etc.

If you really need a complete session with xdm, you could set up ssh port forwarding before connecting. In that case you enable an ssh connection, forward the needed port(s) (i.e. 6000 IIRC), and connect to localhost. SSH forwards this connection encrypted to the other machine.

Alternatively you could use stunnel or similar, but I haven't found a hint at the first look.

oki,

Steffen

--
This message was generated by machine and therefore bears neither signature nor seal.
Steffen Dettmer wrote:
> Do you need an encrypted tunnel between xdm and the server or between xdm and the client? I think the latter, ain't?

Right, I need the latter. An encrypted X-connection between an xdm on machine A and an X-Server on machine B. I want to be able to begin an X-session from machine B by querying for an xdm somewhere in the subnet and logging in on machine A from B (X-terminal, diskless PC). And I want everything to be encrypted.

> [...] If you really need a complete session with xdm, you could set up ssh port forwarding before connecting. In that case you enable an ssh connection, forward the needed port(s) (i.e. 6000 IIRC), and connect to localhost. SSH forwards this connection encrypted to the other machine.

AFAIK, the X-server on machine B looks for an xdm by querying port 177 in the subnet where it is (if set up to query). The xdm on machine A looks for a free port on machine A after accepting the request from machine B to set up the connection through to machine B's X-server's port 6000 + Displaynumber. So it would be necessary to dynamically set up an SSH/SSL-tunnel from the port on machine A (chosen by the xdm running there) and port 6000 + Displaynumber on machine B.

Did I miss something? How can this be done? Where can I find info sources on this topic?

Thanks in advance!
Anibal
* Anibal Vasquez wrote on Sat, Oct 14, 2000 at 16:18 +0200:
> Steffen Dettmer wrote:
>> ssh port forwarding before connecting. In that case you enable an ssh connection, forward the needed port(s) (i.e. 6000 IIRC), and connect to localhost. SSH forwards this connection encrypted to the other machine.
>
> AFAIK, the X-server on machine B looks for an xdm by querying port 177 in the subnet where it is (if set up to query).

Well, I think if you specify the server at X start, no broadcasting is done, you shouldn't need to tunnel that.

> B's X-server's port 6000 + Displaynumber. So it would be necessary to dynamically set up an SSH/SSL-tunnel from the port on machine A (chosen by the xdm running there) and port 6000 + Displaynumber on machine B.

Right, but in practice it should work if you forward 6000-6010 (i.e.) if you have less than 10 clients. I would just forward those ports and give a connect to localhost:1 (or whatever) a try. I think this could work, and so you won't have problems. If not, then it's time for searching the web a little ;)

> Did I miss something? How can this be done? Where can I find info sources on this topic?

Well, I think you should use your favorite search engine to search for "xdm ssl stunnel ssh encryption" or something like that?!

oki,

Steffen

--
This message was generated by machine and therefore bears neither signature nor seal.
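
Added example, not part of the original messages: once X traffic is carried over ssh forwards as discussed in this thread, this script checks `ss -tuln` output for X11 (TCP 6000 + display) or XDMCP (UDP 177) sockets that are still bound to non-loopback addresses and therefore reachable unencrypted. The sample listing is constructed, and the function names and the display range 0-10 (mirroring the 6000-6010 range mentioned above) are assumptions of the example.

```python
import ipaddress

X11_BASE = 6000      # X display :n listens on TCP 6000 + n
XDMCP_PORT = 177     # xdm answers XDMCP queries on UDP 177

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:6000       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:6010       0.0.0.0:*
tcp   LISTEN 0      128            [::1]:6010          [::]:*
tcp   LISTEN 0      128             [::]:6001          [::]:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:177        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""

def is_loopback(addr):
    """True only for loopback binds; '*' and unspecified addresses are exposed."""
    addr = addr.strip("[]").split("%", 1)[0]   # drop brackets and %iface scope
    if addr == "*":
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                            # unparseable: treat as exposed

def exposed_x_listeners(ss_output, max_display=10):
    """Return (proto, address, port, service) for X11/XDMCP sockets that are
    bound to a non-loopback address, i.e. reachable outside an ssh tunnel."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port_text = fields[4].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if fields[0] == "tcp" and X11_BASE <= port <= X11_BASE + max_display:
            service = "X11 display :%d" % (port - X11_BASE)
        elif fields[0] == "udp" and port == XDMCP_PORT:
            service = "XDMCP"
        else:
            continue
        if not is_loopback(addr):
            findings.append((fields[0], addr, port, service))
    return findings

if __name__ == "__main__":
    for finding in exposed_x_listeners(SAMPLE_SS):
        print("exposed: %s %s port %d (%s)" % finding)
```

On a live host, pass the text of `ss -H -tuln` to `exposed_x_listeners()` in place of the constructed sample; an empty result means no X11 or XDMCP socket in the checked range is bound to a network-facing address.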