[ale] Exported Display

Joseph A Knapka jknapka at earthlink.net
Wed Apr 3 12:08:32 EST 2002 

Geoffrey wrote:

> Jeff Hubbs wrote:
> 
>>>
>>> From the ssh man page:
>>>
>>> If the ForwardX11 variable is set to ``yes'' (or, see the description 
>>> o the -X and -x options described later) and the user is using X11 
>>> (the DISPLAY environment variable is set), the connection to the X11 
>>> display is automatically forwarded to the remote side in such a way 
>>> that any X11 programs started from the shell (or command) will go 
>>> through the encrypt­ed channel, and the connection to the real X 
>>> server will be made from the local machine.  The user should not 
>>> manually set DISPLAY. Forwarding of X11 connections can be configured 
>>> on the command line or in configurationfiles.
>>>
>> Hm, can you run this past me again?  I'm not catching the reason why 
>> "The user should not manually set DISPLAY."  I do what I do basically 
>> just using ssh instead of telnet like I used to. 

 >
 >

> 
> Basically they tell you in the next line, "Forwarding of X11 connections 
> can be configured on the command line or in configurationfiles."
> 
> The point is, you can turn it on in your ssh configuration, and not have 
> to mess with it at all.


Clarifying:

If you "ssh remotemachine; export DISPLAY=localmachine:0", then
your X connection is not going through the SSH channel, but rather
is flying in the clear from the remote box to your X server.
OTOH, when X11 forwarding is enabled in SSH, the SSH server sets
up a fake X server on the remote machine that forwards X requests
across the SSH pipe -- encrypted -- and feeds them to the
X server on your local machine. So in this case your DISPLAY
variable will be automatically set by ssh to something like
"remotemachine:<some_display_number_chosen_by_the_ssh_server>".
You can't know what display number the ssh server is going to
pick; thus you don't have the knowledge to set DISPLAY properly
if you want an encrypted X connection.

Cheers,


-- Joe
   Using open-source software: free.
   Pissing Bill Gates off: priceless.


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list