Calvin,

> For X-Win32 try this:
>    xterm -sb -ls ###.###.###.###:0

Why? This is exactly what you're not supposed to do when trying to
protect your X sessions with SSH since it completely circumvents the
benefits, as you even yourself have noted.

> NOTE that since you are using a Windows Emulator that the Xwin session
> DOES NOT use the Xforwarding tunnel capability of SSH.

There is no reason why the tunneling capability couldn't be used if you
have everything configured correctly. So instead of "helping" people
with kludges that are outright dangerous, why not try to solve the
problem?

> The advantage in this type session is that your login name and
> _password_ are not transmitted in clear plain text .... BUT everything
> else is since a new connection is established to the Emulator client.

But since the X protocol is so wonderfully open to snooping and
hijacking, it is a small relief that the initial password exchange is
protected. Any sensitive information that you type in the new xterm
will be available to interested listeners and they can even type
commands into the xterm window on your behalf.

Pär-Ola: Run your Windows X server in passive mode (i.e. absolutely
no XDMCP anywhere) and make sure it is configured to accept connections
from 127.0.0.1 only, and that it does not use the xauth mechanism. Some
Windows X servers are capable of using xauth, but the problem as far as
SSH goes is that there is no straightforward way for the xauth cookie to
be passed to the ssh program as there would be in UNIX. Thus you must
protect the display on a host basis only, by disallowing connections
from anywhere else but the localhost, and then try again what you tried
before and it should work, assuming you have the X forwarding set up in
your ssh client on the PC and you have the Windows X server running.

mvh,
-- 
Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
+358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
<URL:http://www.iki.fi/atro.tossavainen/>
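
One way to check, from the shell on the UNIX side, that X clients will go through the SSH tunnel rather than over a direct connection of the `###.###.###.###:0` kind quoted above. This is an added example, not part of the original message; the function names are hypothetical, and the proxy display offset of 10 (OpenSSH's default `X11DisplayOffset`) is an assumption about the server.

```shell
#!/bin/sh
# Added example: classify the DISPLAY value seen in a shell on the remote
# UNIX host, to tell an sshd proxy display from a direct X11 connection.
# Assumption: sshd hands out proxy displays numbered from 10 upward
# (OpenSSH's default X11DisplayOffset); override with OFFSET=n otherwise.
OFFSET=${OFFSET:-10}
# Some sshd setups put the server's own hostname in DISPLAY, not "localhost".
SELF=${SELF:-$(hostname 2>/dev/null)}

# Prints one of: unset, malformed, local, forwarded, direct
classify_display() {
    d=$1
    [ -n "$d" ] || { echo unset; return 0; }
    case $d in *:*) ;; *) echo malformed; return 0 ;; esac
    host=${d%:*}                   # text before the last ':'
    num=${d##*:}; num=${num%%.*}   # display number, screen suffix dropped
    case $num in ''|*[!0-9]*) echo malformed; return 0 ;; esac
    case $host in
        ''|unix) echo local ;;     # UNIX-domain socket on this machine
        localhost|127.0.0.1|"$SELF")
            if [ "$num" -ge "$OFFSET" ]; then echo forwarded
            else echo local; fi ;;
        *) echo direct ;;          # plain TCP to another host's X server
    esac
}

report_display() {
    case $(classify_display "$1") in
        forwarded) echo "OK: $1 is an sshd proxy display; X traffic uses the SSH tunnel" ;;
        direct)    echo "WARNING: $1 is a direct X11 connection; keystrokes and window contents cross the network unencrypted" ;;
        local)     echo "NOTE: $1 is an X server on this host, not a forwarded display" ;;
        unset)     echo "NOTE: DISPLAY is unset; X forwarding was not granted for this session" ;;
        *)         echo "NOTE: cannot parse DISPLAY value '$1'" ;;
    esac
}

# Report on the current session (prints the 'unset' note if DISPLAY is empty).
report_display "${DISPLAY-}"
```

If this reports a direct connection after logging in with X forwarding enabled, something in the login scripts is overwriting the DISPLAY that sshd set.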
