secure Xapps tunnel
Jim Knoble
jmknoble at pobox.com
Fri Feb 26 18:42:14 EST 2010
On 2010-02-25 10:52, Deutschem wrote:
: i want to show remote X-apps on my desktop.
:
: now, i know from google that xhost and xauth is not the way to
: so that very secure.
:
: now, i have a ssh_config with X forwarding enabled and a server with
: forwarding enabled, too.
:
: now when i connect to server i read that ssh creates automaticaly a
: Xauthory file.
: So i know that this is the xauth way with supercookies etc.
:
: but i dont want to use the xauth way, i want only tunnel xapps through
: ssh.
[...]
: ok, now, how can i securely show xapps on my xserver with ssh ?
When X11 forwarding is turned on, OpenSSH does the following:
(1) Create a local X11 display on the remote host (usually the first
free display beginning with "DISPLAY=:10"). This display is
tunneled back to the originating host's display.
(2) Create a cookie in an XAUTHORITY file (usually ~/.Xauthority) on the
remote host which allows access to the display it created on the
remote host.
For example:
--------------------
localhost$ echo $DISPLAY
:0.0
localhost$ ssh -X -Y remotehost
remotehost$ echo $DISPLAY
:10.0
remotehost$ xauth list $DISPLAY
remotehost/unix:10 MIT-MAGIC-COOKIE-1 0d599f0ec05c3bda8c3b8a68c32a1b47
remotehost$ xterm &
(xterm appears on localhost's display ":0.0")
--------------------
The manual page explains more about '-X' and '-Y'.
(Falls das Vorgehende nicht ganz klar ist, bitte schreiben Sie mir
persoenlich, dann koennen wir auf deutsch versuchen.)
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA >>>>>> http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
More information about the openssh-unix-dev
mailing list