[ale] Remote X (is a secure Full X session possible?)

Michael Hirsch mhirsch at nubridges.com
Fri Aug 30 09:45:05 EDT 2002 

On Fri, 2002-08-30 at 00:39, James P. Kinney III wrote:
> Look at stunnel. It supports arbitrary port forwarding with encryption.
> NFS has been routed through stunnel (I don't know how since NFS is UDP
> not TCP). But X is TCP, so it should work.

Good idea.  You can do the same thing with ssh, also.  Use stunnel or
ssh to forward port 6001 on the remote box to 6000 on your local box,
then gun xdm on display localhost:1 on the remote box.

--Michael
 
> On Fri, 2002-08-30 at 00:03, John Wells wrote:
> > Mike,
> > 
> > I'm sure there's a better way, but I've done this by starting an xterm
> > over ssh and then running gnome-session from the xterm.
> > 
> > John
> > 
> > 
> > On Thu, 2002-08-29 at 22:54, Mike Panetta wrote:
> > > Does anyone know how to do something like this, but instead of
> > > forwarding just a single xterm over ssh, forward an entire 'X -query
> > > [servername]' type session over ssh?  I would like to figure out how to
> > > do a secure remote X session (ala XDM or rather GDM) via ssh or some
> > > other secure means.
> > > 
> > > Thanks,
> > > Mike
> > > 
> > > On Thu, 2002-08-29 at 06:46, Michael Kachline ext 2848 wrote:
> > > > 
> > > > > The first step to me, is to get remote (Desktop) X clients to run on my 
> > > > > Laptop X server.  I'm having problems.
> > > > > 
> > > > > 1) login to Laptop
> > > > > 2) xhost +Desktop
> > > > > 3) ssh Desktop
> > > > > 4) export DISPLAY=Laptop:0.0
> > > > > 5) xterm &
> > > > 
> > > > 	This sounds right and not right. When you ssh to a host, the ssh 
> > > > client will typically set up a phony DISPLAY on the remote machine. If you 
> > > > want to ssh to the remote box, then it should be as simple as:
> > > > 
> > > > Laptop$ ssh desktop
> > > > Desktop$ xterm &
> > > > 
> > > > ... If, when you ssh to dekstop, ssh issues a message to the tune of 
> > > > "disabling remote forwarding", then edit your .ssh/known_hosts file, and 
> > > > remove the key for "Desktop". SSH in again (this will pick up a new host 
> > > > key for desktop). Once your ssh client sees the proper host key for the 
> > > > host which you are connecting to, it will then allow for the above process 
> > > > to work (Given you haven't disabled X forwarding in your /etc/ssh_config 
> > > > or /etc/sshd_config).
> > > > 
> > > > 
> > > > If you want to use the tried and true (and insecure) "xhost" method, then:
> > > > 
> > > > Laptop$ xhost +Desktop
> > > > Laptop$ telnet Desktop
> > > > Desktop$ export DISPLAY="Laptop:0.0"
> > > > Desktop$ xterm &
> > > > 
> > > > 
> > > > 	I've been down the xauth road and do not remember fond memories of 
> > > > it. It was a difficult process which was thankfully superceded by ssh. I 
> > > > would consider it a very last resort if you cannnot get one of the above 
> > > > two methods to work.
> > > > 
> > > > 
> > > > 							- Mike
> > > > --------------------------------------------------------------------
> > > >  Michael Kachline
> > > >  Systems Programmer
> > > > 
> > > >  Intec Telecom Systems
> > > >  Building G, 4th Floor                      
> > > >  5775 Peachtree-Dunwoody Road            
> > > >  Atlanta, GA  30342
> > > > --------------------------------------------------------------------
> > > > 
> > > > 
> > > > ---
> > > > This message has been sent through the ALE general discussion list.
> > > > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> > > > sent to listmaster at ale dot org.
> > > > 
> > > 
> > > 
> > > 
> > > ---
> > > This message has been sent through the ALE general discussion list.
> > > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> > > sent to listmaster at ale dot org.
> > > 
> > 
> > 
> > 
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> > sent to listmaster at ale dot org.
> -- 
> James P. Kinney III   \Changing the mobile computing world/
> President and CEO      \          one Linux user         /
> Local Net Solutions,LLC \           at a time.          /
> 770-493-8244             \.___________________________./
> 
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
> 
> 



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list