On Thu, Jun 14, 2001 at 09:30:59PM +0200, Miquel Mart?n L?pez wrote: > Hi David! > Well, in my case the terminal is an VT-100, so it's connected directly to > the one of the serial ports of the server, so nothing's going wildly to the > network in cleartext.
> I don't know about Xterminals, though... I guess they are networked, but I > really don't know much about the protocol :( They talk X11 over TCP/IP over ethernet. They are exactly as insecure as doing remote X11 with a normal Unix machine running the X server. I.e. don't type any passwords that shouldn't be seen by someone who can get at the network cables. Everything goes in the clear, and is totally sniffable. Access control is provided by IP addr-based xhosts (which obviously sucks because it uses IP addrs for auth purposes), or with MIT-MAGIC-COOKIE-1, or XDM-AUTHORIZATION xauth stuff. (The NCD x terminal I salvaged supports those, so that's what I'm basing this on...). An X terminal is ok, as long as you use it on a private network that only connects it to a server. You can use ssh to tunnel connections from places farther away than the server _to_ the server, and have them go in the clear between the server and the X terminal. How secure is MIT-MAGIC-COOKE-1, anyway? -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
