Re: redirecting display of program over telnet (with DISPLAY) - don't mess with xhost etc., use ssh , instead
On Wed, 20 May 1998, Liran Zvibel wrote: I remember reading somewhere that I can change the remote DISPLAY variable so I can see the applications on my local screen. My machine name is debian (I gave it a lot of thought...) I tried changing DISPLAY to debian:0 but it didn't work. Despite all the advice you have had to use xhost (bad) and xauth (clumsy), what you really want is this: install ssh (from nonus.debian.org) ssh is a (superior) alternative to telnet, rsh and rcp. ssh does many tricks, encrypting network sessions is one, compressing connections is another and forwarding many connections through a single encrypted connection is the one that is useful when you want to display x clients that run remotely on your local display. What happens is that ssh will make the x client believe that there is an xserver on the remote end - it is in fact faked by the sshd on the remote end. the faked xserver on the remote end forwards the x connection to the xserver on the local machine - to which you already had access. No need to mess with xauth cookies and setting DISPLAY (in fact, when you change DISPLAY on the remote end, the faked server trick stops working.) You should really install ssh. It has so many additional advantages while the other tricks mostly have disadvantages. So get ssh and read the fine manuals that come with it. Cheers, Joost -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Tuesday 19 May 1998, at 18 h 13, the keyboard of Noah L. Meyerhans [EMAIL PROTECTED] wrote: Quite a bit safer. It's still rather dangerous, as it doesn't see what account on the remote host is accessing your display. It just lets all users on that specific host display X apps on your screen. Much more! It allows *any* user on the remote host to do *anything* on your machine, using only standard X programs (hint: xmodmap). The only real solution is to use ssh which is safer and much simpler (no longer a need to set DISPLAY). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Wed, 20 May 1998, Stephane Bortzmeyer wrote: Much more! It allows *any* user on the remote host to do *anything* on your machine, using only standard X programs (hint: xmodmap). The only real solution is to use ssh which is safer and much simpler (no longer a need to set DISPLAY). Well, the computer I'm using is an old SunOS server that my faculty uses, I don't think that it has ssh installed (and they won't let me install anything on the server). The DISPLAY environment variable is local to my account, and I'll change it when I'll be logging from home whis a dynamic IP, so it changes every time I'm logging in. I think it is pretty safe, what do you think? do you have any suggestions? TIA, Liran Zvibel. --- http://www.math.tau.ac.il/~liranz/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Wed, May 20, 1998 at 11:47:46AM +0300, Liran Zvibel wrote: On Wed, 20 May 1998, Stephane Bortzmeyer wrote: Much more! It allows *any* user on the remote host to do *anything* on your machine, using only standard X programs (hint: xmodmap). The only real solution is to use ssh which is safer and much simpler (no longer a need to set DISPLAY). Well, the computer I'm using is an old SunOS server that my faculty uses, I don't think that it has ssh installed (and they won't let me install anything on the server). The DISPLAY environment variable is local to my account, and I'll change it when I'll be logging from home whis a dynamic IP, so it changes every time I'm logging in. I think it is pretty safe, what do you think? do you have any suggestions? It's reasonably safe, but it's security by obscurity, if you like. You can also extract your xauth cookie with xauth extract filename $DISPLAY then transfer it (ftp, rcp, scp) to the local server, and run xauth merge filename ssh is much easier and even more secure, though, but like you not all the systems I use have it installed. Hamish -- Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Wednesday 20 May 1998, at 11 h 47, the keyboard of Liran Zvibel [EMAIL PROTECTED] wrote: The DISPLAY environment variable is local to my account, and I'll change it when I'll be logging from home whis a dynamic IP, so it changes every time I'm logging in. laureline:~/tmp/sgmltools-1.1.4 who bortzttyp0May 20 11:03 (josephine.sis.pasteur.fr) I think it is pretty safe No. (In the University, it was a common joke among students to map a key to something else or worse.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
In article [EMAIL PROTECTED], Stephane Bortzmeyer [EMAIL PROTECTED] wrote: I think it is pretty safe No. (In the University, it was a common joke among students to map a key to something else or worse.) And it's trivial to snoop all keyboard activity - I got a lot of passwords that way when I was still at the University.. even the root password. (Not very exiting, I already had it officially, but still..) Mike. -- Miquel van Smoorenburg | Our vision is to speed up time, [EMAIL PROTECTED] | eventually eliminating it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Wed, 20 May 1998, Stephane Bortzmeyer wrote: laureline:~/tmp/sgmltools-1.1.4 who bortzttyp0May 20 11:03 (josephine.sis.pasteur.fr) I think it is pretty safe No. (In the University, it was a common joke among students to map a key to something else or worse.) So what do you suggest? I can't install any sonftware on the faculty's server. TIA, Liran. --- http://www.math.tau.ac.il/~liranz/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Wednesday 20 May 1998, at 16 h 4, the keyboard of Liran Zvibel [EMAIL PROTECTED] wrote: So what do you suggest? I can't install any sonftware on the faculty's server. echo Please install ssh http://www.cs.hut.fi/ssh/, thanks in advance \ Mail -s Humble request to install ssh [EMAIL PROTECTED] or use xauth which is the second more secure way. (xhost being not secure at all.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Wed, 20 May 1998, Stephane Bortzmeyer wrote: echo Please install ssh http://www.cs.hut.fi/ssh/, thanks in advance \ Mail -s Humble request to install ssh [EMAIL PROTECTED] Hi! Now the situation is that I have ssh installed at the Uni. but don't have it at home. Is there a debian package for it? I searched that binary and non-free packages files and didn't find it. Do I have to compile it myself? (I have no problem compiling things, but if someone had already done that work for me...) Thanks, Liran Zvibel. --- http://www.math.tau.ac.il/~liranz/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
As Joost (cryptically) mentioned yesterday, ssh is on non-us.debian.org. The US laws on encryption force this. -- --- How can you see, when your mind is not open? How can you think, when your eyes are closed? - Jason Bonham Band, Ordinary Black and White --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
redirecting display of program over telnet (with DISPLAY)
Hello! I remember reading somewhere that I can change the remote DISPLAY variable so I can see the applications on my local screen. My machine name is debian (I gave it a lot of thought...) I tried changing DISPLAY to debian:0 but it didn't work. Please help, or tell me what FM to R. TIA, Liran Zvibel. --- http://www.math.tau.ac.il/~liranz/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
Step one: telnet to box where you want data to come FROM Step two: type `export DISPLAY=machine:display` where machine is your machine name and display is your display number -- debian:0 Step three: run an X app. Step four: enjoy the fun of running apps across the network (-: All this ASSUMES that you have given the other machine the permission to talk to your X. This is not ON by default. So Step One becomes: type `xhost +`. This lets other machines talk to X. -- --- How can you see, when your mind is not open? How can you think, when your eyes are closed? - Jason Bonham Band, Ordinary Black and White --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
I remember reading somewhere that I can change the remote DISPLAY variable so I can see the applications on my local screen. My machine name is debian (I gave it a lot of thought...) I tried changing DISPLAY to debian:0 but it didn't work. Remote host should be able to find your host by the name. So, in most cases it should be a fully-qualified domain name or (in case you don't have that - say because you are using PPP to connect to the internet) just a valid current IP address of your debian box. So, set DISPLAY to something like 203.234.22.33:0.0 and it should work. Good luck. Alex Y. -- _ _( )_ ( (o___ +---+ | _ 7 |Alexander Yukhimets| \()| http://pages.nyu.edu/~aqy6633/ | / \ \ +---+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
-BEGIN PGP SIGNED MESSAGE- On Tue, 19 May 1998, Shaleh wrote: All this ASSUMES that you have given the other machine the permission to talk to your X. This is not ON by default. So Step One becomes: type `xhost +`. This lets other machines talk to X. CAREFUL! xhost + lets ALL other machines access your display. This is not normally a good idea. It's better to do a xhost specific.remote.host This will allow only the host that you specify to access your display. Quite a bit safer. It's still rather dangerous, as it doesn't see what account on the remote host is accessing your display. It just lets all users on that specific host display X apps on your screen. xauth is better, but I don't know how to use it. noah PGP public key available at http://lynx.dac.neu.edu/home/httpd/n/nmeyerha/mail.html or by 'finger -l [EMAIL PROTECTED]' -BEGIN PGP SIGNATURE- Version: 2.6.2 iQCVAwUBNWIEHYdCcpBjGWoFAQED/wP/fvzRMisTSZi9pQnXHHi3dD1uXvzG7eOc LKbf/XqOVPKX5qG/8kDbID2jWZIjUWqlxskk6qmYqrI+NBc+HkgZdB0ZC1Px9j5J hvQfVl/DxaIDvBrfxd8pttWkCCZIzeAD05dxoQRwSpxGyHnRByQ6tfdCAqy51od8 5E30WmKaHZw= =sLuJ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Tue, 19 May 1998 [EMAIL PROTECTED] wrote: Remote host should be able to find your host by the name. So, in most cases it should be a fully-qualified domain name or (in case you don't have that - say because you are using PPP to connect to the internet) just a valid current IP address of your debian box. So, set DISPLAY to something like 203.234.22.33:0.0 and it should work. Well I did it, and after trying xhost + , the response was: Xlib: connection to 132.67.97.136:0.0 refused by server Xlib: Client is not authorized to connect to Server xhost: unable to open display 132.67.97.136:0.0 (BTW: debian:0 didn't work) What should I do? Thanks, Liran Zvibel. Good luck. Alex Y. -- _ _( )_ ( (o___ +---+ | _ 7 |Alexander Yukhimets| \()| http://pages.nyu.edu/~aqy6633/ | / \ \ +---+ --- http://www.math.tau.ac.il/~liranz/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
In case I was not clear -- xhost MUST be run on the machine with the X server, not the machine where the X app is run. -- --- How can you see, when your mind is not open? How can you think, when your eyes are closed? - Jason Bonham Band, Ordinary Black and White --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
Remote host should be able to find your host by the name. So, in most cases it should be a fully-qualified domain name or (in case you don't have that - say because you are using PPP to connect to the internet) just a valid current IP address of your debian box. So, set DISPLAY to something like 203.234.22.33:0.0 and it should work. Well I did it, and after trying xhost + , the response was: Xlib: connection to 132.67.97.136:0.0 refused by server Xlib: Client is not authorized to connect to Server xhost: unable to open display 132.67.97.136:0.0 (BTW: debian:0 didn't work) What should I do? You should have done xhost + on your local box (debian). Alex Y. -- _ _( )_ ( (o___ +---+ | _ 7 |Alexander Yukhimets| \()| http://pages.nyu.edu/~aqy6633/ | / \ \ +---+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
On Tue, 19 May 1998, Shaleh wrote: In case I was not clear -- xhost MUST be run on the machine with the X server, not the machine where the X app is run. It works!!! Thanks alot!!! -- --- How can you see, when your mind is not open? How can you think, when your eyes are closed? - Jason Bonham Band, Ordinary Black and White --- Liran Zvibel. --- http://www.math.tau.ac.il/~liranz/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: redirecting display of program over telnet (with DISPLAY)
Glad to help. Now that it works read xhost's man page and figure out how to allow only that machine to hit your box. You can put the command into your .xinitrc file and every time you start X that machine has access to you. Or as was mentioned previously -- look into xauth. This gives finer grain control of access. However if it is just two boxes you own or trust -- no big deal. -- --- How can you see, when your mind is not open? How can you think, when your eyes are closed? - Jason Bonham Band, Ordinary Black and White --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
