On Mon, Dec 18, 2006 at 03:26:35PM -0800, kelsey hudson wrote:
> John Oliver wrote:
> >I installed a Java-based app on one of our servers for a user. I'm able
> >to ssh to the server, export DISPLAY=my.ip.address:0.0 do an xhost + on
> >my machine (Windows + Cygwin) and launch the app just fine.
>
> It's better to tunnel it over ssh, add:
>
> ForwardX11 yes
> ForwardX11Trusted yes
>
> to ~/.ssh/config to forward X over the tunnel, or run ssh -X hostname.

Yeah I noticed those options were on after having messed around with my
Cygwin :-)

> Allowing all hosts via xhost + opens up the possibility of someone
> installing, say, a keylogger on your system and it'll be completely
> unbeknownst to you unless you monitor 'xlsclients' or something on a
> regular basis.

I know. Hopefully I can make it go right with ssh X forwarding.

> I'd bet it's a pain in the ass firewall. Make sure iptables isn't
> running, or allows through port 6000. Again, a better way is with ssh X
> forwarding. Added benefit is all X traffic is now encrypted. Bonus!

iptables is not running. At all.

> Redhat also has some stupidity where it adds to /etc/hosts a line like
> the following:
>
> 127.0.0.1 localhost localhost.localdomain somebox somebox.somedomain.tld
>
> Ensure this is not the case. This is broken, broken, broken. Bad redhat,
> BAD! NO BISCUIT. It causes things to open up sockets on localhost only.
> It's a stupid idea and I wish redhat would stop doing it. But I digress.

What should I do, get rid of it? Leave the 127.0.0.1 localhost part?

Thanks...

-- 
John Oliver  http://www.john-oliver.net/

kplug-list: http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
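
A check for the /etc/hosts layout quoted in the message above, as an added example that is not part of the original thread: it lists every name other than localhost that a hosts file binds to 127.0.0.1. The function name loopback_aliases, the sample files and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Print each non-localhost name that a hosts file maps to 127.0.0.1.
# Exit status: 0 if the loopback line is clean, 1 if extra names were found.
loopback_aliases() {
    awk '
        { sub(/#.*/, "") }                      # drop comments, re-split fields
        $1 == "127.0.0.1" {
            for (i = 2; i <= NF; i++)
                if ($i != "localhost" && $i !~ /^localhost[.0-9]/) {
                    print $i
                    found = 1
                }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed samples: the line quoted in the thread, and a layout where the
# machine name sits on its own address (192.0.2.10 is a documentation address).
sample_dir=$(mktemp -d)
printf '%s\n' \
    '127.0.0.1 localhost localhost.localdomain somebox somebox.somedomain.tld' \
    > "$sample_dir/hosts.flagged"
printf '%s\n' \
    '# constructed sample' \
    '127.0.0.1 localhost localhost.localdomain' \
    '192.0.2.10 somebox.somedomain.tld somebox' \
    > "$sample_dir/hosts.clean"

for f in "$sample_dir/hosts.flagged" "$sample_dir/hosts.clean"; do
    if names=$(loopback_aliases "$f"); then
        echo "$f: only localhost names on 127.0.0.1"
    else
        echo "$f: also bound to 127.0.0.1: $(echo $names)"
    fi
done
```

Run it against the real file with `loopback_aliases /etc/hosts`.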
