remote xterm - how can I make it work
Alexander Gottwald
Alexander.Gottwald@s1999.tu-chemnitz.de
Mon Dec 23 17:01:00 GMT 2002
kumarchi@attbi.com wrote:
> xhost + <remote_machine>
> and add to the remote control list ( i guess i will put it in .xinitrc)
After reading that and the telnet thing from the first post I _have_ to
add some security notes.
First: telnet is bad! With telnet everything you enter is sent unprotected
over the network. Everybody on the path between the local and the remote
host can read all you enter. Even passwords.
_Instead of telnet, use ssh where possible!_
Using xhost is a security problem too. You allow everyone on the remote host
to connect to your xserver. This means again he can control the complete
X11 desktop (and capture any keystrokes). Normally these authentication is
done via a autogenerated password (called cookies). You can show and edit
this authentication info with the program xauth.
The X11 forwarding option of ssh tries to bypass this vulnerabiltiy. You only
connect to a virtual xserver to which only _you_ can connect and all network
traffic to the real xserver is encrypted by ssh. So no one on the network can
listen what you do.
In short:
Use ssh!
"ssh -X remotehost" will create a connection to the remote host and set up
everthing for X11 forwarding. Ever xclient started on the remotehost within
the session is automaticly forward to your display.
bye
ago, writing long christmas security information
Merry Christmas to everone on the list!
NP: grauzone.02-12-23
--
Alexander.Gottwald@informatik.tu-chemnitz.de
http://www.gotti.org ICQ: 126018723
More information about the Cygwin-xfree
mailing list