[ale] openssh and $DISPLAY

joshy joshy at mindspring.com
Sun Aug 13 00:02:07 EDT 2000 

I seem to recall using the -X option to turn it on. All of the X
connections are tunneled through ssh and the actual connection to the X
server is made from the local machine. This has the added benefit of
working transparently through firewalls. no special port configuration
required. I have a firewall at home and one at work. To get to my work
machine have to ssh to an outside machine at work, then ssh a second time
to my workstation. Since ssh does all of the tunneling for me I can get
two machines without public ips to find and talk to eachother. of course
my packets were being encrypted twice, but that's the price ya gotta pay
for such flexibility.


- joshy

On Sat, Aug 12, 2000 at 09:51:14PM -0600, Robert L. Harris wrote:
> 
> 
> No it's not.
> 
> With commercial ssh, sshd and the client set the $DISPLAY and then  "tunnels" 
> the X through the ssh connection.  This is what I'm looking for.
> 
> 
> Thus spake Tomas (tomas at kahuna.clayton.edu):
> 
> > I use ssh to log in and then I use xhost at my machine and set the display
> >  manualy at the server (actually via a script).  So does that mean the info
> >  being sent to me is encrypted or not, and if not then is there away to have encrypted X!! networking?
> > 
> > Tomas
> > 
> > 
> > 
> > 
> > On Sat, Aug 12, 2000 at 11:30:28PM -0400, Thompson Freeman wrote:
> > > 
> > > Unless I'm sadly mistaken, I'm using openssh under RH6.2, and the DISPLAY
> > > variable gets set very nicely.
> > > 
> > > On Sat, 12 Aug 2000, Robert L. Harris wrote:
> > > 
> > > > Thus spake Joe Knapka (jknapka at earthlink.net):
> > > > 
> > > > > Wandered Inn wrote:
> > > > > > 
> > > > > > "Robert L. Harris" wrote:
> > > > > > >
> > > > > > > A number of things like xv, xterm, and very rarely netscape.
> > > > > > 
> > > > > > Here's my call to nxterm from my primary machine (denali) to my work
> > > > > > machine (lhotse):
> > > > > > 
> > > > > > ssh -l gamyers gamyers /usr/X11R6/bin/nxterm -ls -sb -sl 200 -si -sk -bg
> > > > > > DarkSlateGray -fg OldLace -T lhotse -n lhotse -display denali:0
> > > > > 
> > > > > The problem with this is that, while the initial command to start the
> > > > > nxterm will be encrypted by ssh, the X packets between lhotse and
> > > > > denali will not, and thus are open to sniffing.
> > > > > 
> > > > > SSH provides an automatic mechanism to securely forward an X
> > > > > session between the server and the client; older versions of
> > > > > SSH automatically set the DISPLAY variable to point to the
> > > > > forwarded port. That's what you meant, right, Robert?
> > > > > 
> > > > 
> > > > Exactly.  Tunneling the Display through the tunnel.  Can OpenSSH 
> > > > do this?
> > > > 
> > > > Robert
> > > > 
> > > > :wq!
> > > > ---------------------------------------------------------------------------
> > > > Robert L. Harris                |  Micros~1 :  
> > > > Senior System Engineer          |    For when quality, reliability 
> > > >   at RnD Consulting             |      and security just aren't
> > > >                                 \_       that important!
> > > > DISCLAIMER:
> > > >       These are MY OPINIONS ALONE.  I speak for no-one else.
> > > > FYI:
> > > >  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > > > 
> > > > --
> > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > > > 
> > > 
> > > -- 
> > > ===========================================
> > > The harder I work, the luckier I get.
> > >                     Lee Iocca
> > > ===========================================
> > > Thompson Freeman          tfreeman at digichem.net
> > > 
> > > --
> > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> 
> 
> 
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                |  Micros~1 :  
> Senior System Engineer          |    For when quality, reliability 
>   at RnD Consulting             |      and security just aren't
>                                 \_       that important!
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

-- 
Then in the end the love you take
    is equal to the love you make
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list