[PLUG] X11 to remote client

D. Cooper Stevenson cstevens at gencom.us
Wed Oct 20 17:11:01 UTC 2004


On Wednesday 20 October 2004 16:53, Andrew Munkres wrote:
> On Wed, 20 Oct 2004, Keith Lofstrom wrote:
> > I want to display X programs on a local client, from a remote server,
> > using ssh.  I expect there is a correct, automagical way to do that.

There is. A note first: the export DISPLAY= thing is not secure. There is a 
secure way to export displays using encrypted X cookies but this seems to 
have been superseded by running an X display through SSH.

Here's how:

http://www.biac.duke.edu/library/documentation/xwin32/Security.html


-Coop

>
> I assume you're referring to ssh clients and servers, rather than X
> clients and servers.
>
> > Right now, it involves jumping through a couple of hoops.
> >
> > # locally, in a client xterm:
> >
> > client> xhost +server
> >
> >
> > # in another client xterm, ssh'ed to the server:
> >
> > server> export DISPLAY=client:0.0
> > server> an_X_application
> >
> > ... and that will pop up an X window for an_X_application on my client
> > screen.  But I expect that I can accomplish the same thing with by
> > twiddling, say, .bashrc on the server and /etc/ssh/<someconfigfile>
> > on the client.  Or something.
> >
> > What is the correct way to do this?
>
> I don't know an an automagical way to do _exactly_ that, but there is
> this (from ssh(1) openssh man page):
>      -X      Enables X11 forwarding.  This can also be specified on a
> per-host basis in a configuration file.
>
>              X11 forwarding should be enabled with caution.  Users with the
>              ability to bypass file permissions on the remote host (for the
>              user's X authorization database) can access the local X11
> display through the forwarded connection.  An attacker may then be able to
> perform activities such as keystroke monitoring.
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug




More information about the PLUG mailing list