[CLUE-Tech] ssh and xwindows

Timothy C. Klein teece at silverklein.net
Fri Dec 26 11:31:59 MST 2003 

* David Anselmi (anselmi at americanisp.net) wrote:
> Jeff Cann wrote:
> >Here's a cool, automatic trick that may not be well-known.
> >
> >If I have my DISPLAY enviromental variable set and my x windows server set 
> >to accept connections from remote servers (e.g., $ xhost +) when I ssh 
> >into another server, SSH automatically sets DISPLAY back to the 
> >originating host.  
> [...]
> >Here's a simple example.  Note that in an insecure environment, you 
> >probably want to pass arguments to xhost.  See the man page for xhost.
> >
> >$ echo $DISPLAY
> >:0.0
> >
> >$ xhost +
> >access control disabled, clients can connect from any host
> 
> I don't have a way to check at the moment, but the "xhost +" shouldn't 
> be required and the X connection should be secure if the client and 
> server allow X forwarding (and perhaps the X server allows TCP 
> connections)(see ForwardX11 in the man pages).
> 
> The $DISPLAY that ssh sets up on the server is to a local (to the 
> server) port.  The data the server sends there (display for the server's 
> X application) gets forwarded over the ssh connection (encrypted) to the 
> client.  On the client it is passed to the X server and looks like it is 
> local to the client.
> 
> ssh can do this for TCP connections in general.  The X forwarding is the 
> same thing, with automatic management of $DISPLAY.

I don't set xhost anymore.  I just make sure that ssh is doing X
forwarding, and that the X server is set up to allow remote connections
(Debian turns this off by default).

I agree with Jeff, this is super handy.  I used to fiddle with xhost,
and xauth and magic cookies in a little script I had.  But it was a bit
of pain -- this feature of ssh is super convenient.

Tim
--
==============================================
== Timothy Klein || teece at silverklein.net   ==
==  Vanity Page: http://tinyurl.com/vkhp    ==
== ---------------------------------------- ==
== Hello_World.c: 17 Errors, 31 Warnings... ==
==============================================

More information about the clue-tech mailing list