[clue-tech] how do I get gnome desktop to host x sessions from remote servers?

David Williams dkwloki-clue at yahoo.com
Fri Oct 9 14:22:32 MDT 2009


Hey Guys,

Thanks for all the help.
On Ubuntu the System->Administration->Windows Login allowed me to change my XServer to accept tcp.

I tried connecting w/ ssh -XY but when I look at Wireshark all the traffic keeps coming in on port 6000.  I assumed I would see something on port 22, but not completely sure how port forwarding works.  I also turned on X11Forwarding on my server's sshd_config to yes.

As for all the tcp attack paranoia, I put up a ufw firewall and restricted generic access to all users except the server that I want to host X applications from.  Does this seem reasonable?

Thanks,
-David

--- On Thu, 10/8/09, Nate Duehr <nate at natetech.com> wrote:

> From: Nate Duehr <nate at natetech.com>
> Subject: Re: [clue-tech] how do I get gnome desktop to host x sessions from  remote servers?
> To: "CLUE technical discussion" <clue-tech at cluedenver.org>
> Date: Thursday, October 8, 2009, 3:24 PM
> Yes, tunneling X over SSH is the much safer/saner way to do X these
> days.  (Maybe always was? GRIN...)
> 
> Those settings to kill X listening on a port are pretty "standard" now
> for most distros as a "security feature" by default.
> 
> Fits nicely into that upcoming presentation at BLUG... balancing
> security and sanity...
> 
> --
>   Nate Duehr
>   nate at natetech.com
> 
> On Thu, 08 Oct 2009 15:19 -0600, "chris fedde" <chris at fedde.us> wrote:
> > On Thu, Oct 8, 2009 at 2:32 PM, Charles Hutchinson <chutchin at geekboi.org> wrote:
> > > Do you have "Deny TCP connections to Xserver" checked in the
> > > Administration->Login Window tool?  This is the default and if I remember
> > > correctly (fat chance) disables/enables TCP port 6000 for GDM.
> > >
> > > Charlie
> > >
> > 
> > The reason tcp connections to X default to off is because there are
> > some pretty spectacular exploits possible over the X.  If you enable
> > this be sure your firewall is blocking high number ports.
> > 
> > Another alternative is to use ssh -X and let it tunnel all the remote
> > client traffic for you.
> > _______________________________________________
> > clue-tech mailing list
> > clue-tech at cluedenver.org
> > http://www.cluedenver.org/mailman/listinfo/clue-tech
> 
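
An added example, not part of the original thread: a small shell helper that classifies a DISPLAY value, as seen in a shell on the remote server, to tell whether X clients would use an SSH-forwarded proxy display or connect directly to TCP port 6000+N as discussed above. The function names and sample values are constructed for illustration, and it assumes sshd's defaults of X11DisplayOffset 10 and X11UseLocalhost yes.

```shell
#!/bin/sh
# Added example: classify an X11 DISPLAY string (function names are hypothetical).
# Assumes sshd defaults: X11DisplayOffset 10, X11UseLocalhost yes.

# x_port DISPLAY -> TCP port an X client would use (6000 + display number)
x_port() {
    d=${1##*:}        # drop the host part, up to the last ':'
    d=${d%%.*}        # drop the optional ".screen" suffix
    case $d in
        ''|*[!0-9]*) return 1 ;;   # not a valid display number
    esac
    echo $((6000 + $d))
}

# classify_display DISPLAY -> unix-socket | ssh-tunnel | direct-tcp | invalid
classify_display() {
    case $1 in *:*) ;; *) echo invalid; return 0 ;; esac
    host=${1%:*}
    port=$(x_port "$1") || { echo invalid; return 0; }
    case $host in
        ''|unix)
            echo unix-socket ;;        # local socket, no TCP involved
        localhost|127.0.0.1|::1)
            if [ "$port" -ge 6010 ]; then
                echo ssh-tunnel        # consistent with sshd's proxy display (rides port 22)
            else
                echo direct-tcp        # loopback TCP straight to an X server
            fi ;;
        *)
            echo direct-tcp ;;         # unencrypted X11 to host:port
    esac
}

# Constructed sample values; on a real host pass "$DISPLAY" instead.
for sample in ":0" "localhost:10.0" "192.0.2.15:0.0" "desktop.example:1"; do
    printf '%-20s %-12s port %s\n' "$sample" \
        "$(classify_display "$sample")" "$(x_port "$sample")"
done
```

Run against `$DISPLAY` inside the ssh session on the remote server: a `direct-tcp` result means X clients there bypass the tunnel, which would show up as traffic on port 6000 rather than 22.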

