[CLUE-Tech] ssh and xwindows
Timothy C. Klein
teece at silverklein.net
Fri Dec 26 11:31:59 MST 2003
* David Anselmi (anselmi at americanisp.net) wrote:
> Jeff Cann wrote:
> >Here's a cool, automatic trick that may not be well-known.
> >
> >If I have my DISPLAY environmental variable set and my x windows server set
> >to accept connections from remote servers (e.g., $ xhost +) when I ssh
> >into another server, SSH automatically sets DISPLAY back to the
> >originating host.
> [...]
> >Here's a simple example. Note that in an insecure environment, you
> >probably want to pass arguments to xhost. See the man page for xhost.
> >
> >$ echo $DISPLAY
> >:0.0
> >
> >$ xhost +
> >access control disabled, clients can connect from any host
>
> I don't have a way to check at the moment, but the "xhost +" shouldn't
> be required and the X connection should be secure if the client and
> server allow X forwarding (and perhaps the X server allows TCP
> connections) (see ForwardX11 in the man pages).
>
> The $DISPLAY that ssh sets up on the server is to a local (to the
> server) port. The data the server sends there (display for the server's
> X application) gets forwarded over the ssh connection (encrypted) to the
> client. On the client it is passed to the X server and looks like it is
> local to the client.
>
> ssh can do this for TCP connections in general. The X forwarding is the
> same thing, with automatic management of $DISPLAY.

I don't set xhost anymore. I just make sure that ssh is doing X
forwarding, and that the X server is set up to allow remote connections
(Debian turns this off by default).

I agree with Jeff, this is super handy. I used to fiddle with xhost,
and xauth and magic cookies in a little script I had. But it was a bit
of a pain -- this feature of ssh is super convenient.

Tim
--
==============================================
== Timothy Klein || teece at silverklein.net ==
== Vanity Page: http://tinyurl.com/vkhp ==
== ---------------------------------------- ==
== Hello_World.c: 17 Errors, 31 Warnings... ==
==============================================
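
Added example, not part of the original thread: a small shell check that tells an ssh-forwarded DISPLAY (a port local to the server, as David describes) apart from a direct, unencrypted TCP display, and flags the "xhost +" state shown in Jeff's output. It assumes OpenSSH's defaults (X11UseLocalhost yes, X11DisplayOffset 10); the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an X11 DISPLAY value and an xhost status line.

# classify_display VALUE
# Prints: unset | invalid | local | local-tcp | ssh-forwarded | remote-tcp
classify_display() {
    d=$1
    [ -n "$d" ] || { echo unset; return; }
    host=${d%:*}       # text before the last ':' (empty for ":0.0")
    num=${d##*:}       # "display.screen" after the last ':'
    num=${num%%.*}     # keep the display number only
    case $num in
        ''|*[!0-9]*) echo invalid; return ;;
    esac
    case $host in
        ''|unix)
            echo local ;;            # Unix-domain socket on this machine
        localhost|127.0.0.1)
            # Assumption: sshd default X11DisplayOffset=10, so the proxy
            # displays that sshd creates start at :10.
            if [ "$num" -ge 10 ]; then echo ssh-forwarded; else echo local-tcp; fi ;;
        *)
            echo remote-tcp ;;       # X protocol sent directly over the network
    esac
}

# xhost_wide_open: reads `xhost` output on stdin, succeeds if access
# control is disabled (the state "xhost +" leaves the X server in).
xhost_wide_open() {
    grep -q '^access control disabled'
}

# audit DISPLAY_VALUE XHOST_OUTPUT -> prints "<display kind>/<open|restricted>"
audit() {
    kind=$(classify_display "$1")
    if printf '%s\n' "$2" | xhost_wide_open; then acl=open; else acl=restricted; fi
    echo "$kind/$acl"
}
```

In a live session, run `audit "$DISPLAY" "$(xhost)"`; with ssh X forwarding on the remote host the first field should read ssh-forwarded, and on the machine running the X server the second should read restricted.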