[Fwd: Re: X-windows security in Gnome]

David F. Newman dnewman at maraudingpirates.org
Sat May 18 07:43:09 EST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 17 May 2002 05:13 pm, Nicolas.Williams at ubsw.com wrote:
> The "integration" of SSH with apps is already there.
>
> Read the OpenSSH [or other SSH implementation's] man pages and the SSHv2
> specs. RTFM!
>
> Essentially SSH supports tunneling of X11 traffic. The SSH daemon is
> responsible for creating a local X11 display endpoint and setting the
> DISPLAY environment variable appropriately, then the apps you run in SSH
> sessions with X11 forwarding do the right thing and open a display which is
> really the SSH daemon and which proxies back-and-forth to the SSH client,
> which then proxies back and forth to its DISPLAY.
>
[snip]

IMHO, I wouldn't call that "integrated".  ssh is an external tool which 
provides a tunnel for the X traffic.  I would consider it integrated if the X 
server itself talked SSH as well as the core X libraries.  X clients would 
connect to <someotherhost>:0 instead of <localhost:10> and the X libraries 
would transparently use the SSH protocol if available.

This would be analogous to a non-SSL aware mail client using stunnel to access 
an SSL imap mailbox.  If the mail client to talk SSL natively to the server 
without anything in between then you could call it integrated.

- -Dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iD8DBQE85Xlxu3B/p4jCw/IRAtNwAKCIYKLbmiT0lY6Q27L1kHFQldSQ3QCfRDm+
Wam0KRzwdx+W1GSmOQqodg4=
=KUkw
-----END PGP SIGNATURE-----




More information about the openssh-unix-dev mailing list