True - that was my stated objective. But it was out of ignorance, I thought all X went through SSH. Since this test is over a VPN, I don't care how it works, as long as it does.
On Fri, Jun 7, 2013 at 5:09 PM, Paul Gilmartin <[email protected]> wrote: > On Fri, 7 Jun 2013 13:53:38 -0400, Mark Pace wrote: > > >I appreciate the heads-up, Mark. But this traffic is going through a VPN, > >so I'm not concerned about it. I will make note of this if I ever have to > >do this in the clear. > > > Your initial stated objective was to get X11 forwarding working and > verified. > But now that it isn't but something else is working, you seem satisfied. > > > >On Fri, Jun 7, 2013 at 1:31 PM, Mark Post wrote: > > > >> > In this case the export DISPLAY IP is my desktop running the X server. > >> > >> Well, what is working is _not_ tunneling X over SSH. You're sending X > >> traffic back to your desktop over an entirely different port, with no > >> encryption. If anyone decides to close off traffic on ports 6000+ > you're > >> going to be out of luck. > >> > A common pitfall is that programmers accustomed to other techniques code > in their .profile, $ENV, .login, .cshrc, .bashrc, ... code to set and > export > DISPLAY, often based on parsing the output of a command such as "who am i". > This code must be made conditional wherever it occurs (often in several > places) with a conditional construct such as: > > DISPLAY=${DISPLAY-`find-value-of-display`} export DISPLAY > > in order not to override the value correctly set by sshd. > > -- gil > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
