Ralph Zeller wrote:
> localhost$ xhost +remotehost
> remotehost being added to access control list
> localhost$ ssh remotehost
> [EMAIL PROTECTED]'s password:
> Last login: xxxxxxxxx
> remotehost$ xterm
Um, that might not be a good idea...
The "xhost +" command completely disables X's authentication checking.
Anyone who can open a TCP connection to your local machine can
do absolutely anything to your X display: read everything on your
screen and capture all your keystrokes, for example.
It looks like you're also running the X11 protocol across the wire.
That leaves the whole session sniffable.
If you're certain you're behind an impenetrable firewall and only
trustworthy people are there with you, it's okay. But who's certain
of that?
A better way, and what I think Rob was asking for, is to run X11
tunneled through ssh. Do it like this.
localhost$ ssh -X remotehost
[EMAIL PROTECTED]'s password:
Last login: xxxxxxxxx
remotehost$ xterm
The ssh(1) man page describes the process.
To be even safer, tell the X server not to listen for TCP connections.
Edit /etc/X11/xdm/Xservers and add the arg "-nolisten tcp" to the
command. E.g., mine says this.
:0 local /usr/X11R6/bin/X -nolisten tcp
--
Bob Miller K<bob>
kbobsoft software consulting
http://kbobsoft.com [EMAIL PROTECTED]
_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
