On Fri, 7 Jun 2013 13:53:38 -0400, Mark Pace wrote:
>I appreciate the heads-up, Mark. But this traffic is going through a VPN,
>so I'm not concerned about it. I will make note of this if I ever have to
>do this in the clear.
>
Your initial stated objective was to get X11 forwarding working and verified.
But now that it isn't but something else is working, you seem satisfied.
>On Fri, Jun 7, 2013 at 1:31 PM, Mark Post wrote:
>
>> > In this case the export DISPLAY IP is my desktop running the X server.
>>
>> Well, what is working is _not_ tunneling X over SSH. You're sending X
>> traffic back to your desktop over an entirely different port, with no
>> encryption. If anyone decides to close off traffic on ports 6000+ you're
>> going to be out of luck.
>>
A common pitfall is that programmers accustomed to other techniques code
in their .profile, $ENV, .login, .cshrc, .bashrc, ... code to set and export
DISPLAY, often based on parsing the output of a command such as "who am i".
This code must be made conditional wherever it occurs (often in several
places) with a conditional construct such as:
DISPLAY=${DISPLAY-`find-value-of-display`} export DISPLAY
in order not to override the value correctly set by sshd.
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
