Anders Johansson wrote:
On Tuesday 25 May 2004 20.12, Ken Schneider wrote:
ssh -X
Use it all the time
NoMachine's NX
VNC
Don't consider it as safe as ssh -X
Forgive me, but I fail to see the problem then. Are you perhaps under the impression that remote X using DISPLAY travels over ssh just because you logged in with ssh -X when you ran it?
It doesn't
ssh -X will keep working even with -nolisten tcp as an option to X
"man ssh" gives that impression -------- X11 and TCP forwarding If the ForwardX11 variable is set to “yes” (or see the description of the -X and -x options described later) and the user is using X11 (the DISPLAY environment variable is set), the connection to the X11 display is auto matically forwarded to the remote side in such a way that any X11 pro grams started from the shell (or command) will go through the encrypted ======================= channel, and the connection to the real X server will be made from the ========= local machine. The user should not manually set DISPLAY. Forwarding of X11 connections can be configured on the command line or in configuration files. ------------------------------------------------------------------------------------------- Then it says ========== -X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. Now I'm a bit puzzled. Regards Sid. -- Sid Boyce .... Hamradio G3VBV and keen Flyer Linux Only Shop.