Women in Technology

Hear us Roar



Article:
  Hands on X11
Subject:   Do not use XWindows across network WITHOUT ssh
Date:   2003-04-07 20:21:36
From:   csoto
XWindows sends every key click and mouse action across the network, in the clear. This is bad. No big deal if it's localhost, but skip all of the xhost & DISPLAY stuff.


Here's a quick HOW-TO (assuming you're using OpenSSH or a similar build, like that on Solaris or HP-UX):


-Modify /etc/ssh/sshd_config on the REMOTE HOST so that it says "X11Forwarding yes" (remove the # at the front) [you probably have to be root, so use su or sudo]
-Restart the REMOTE HOST [yes, there are other ways, but I have no way of knowing whether your sshd is started by rc scripts or inetd, so this method always works :) ]
-Modify /etc/ssh/ssh_config (note the missing 'd') on the LOCAL HOST (the Mac on which you're running X11) so that it says "ForwardX11 yes" (remove the # at the front) [you can skip this, but it means you will have to remember to use the -X option any time you run ssh ]


Now, when you connect to the remote host, use this command:


ssh -X user@remotehost


You can skip the -X if you modified your Mac's /etc/ssh/ssh_config as above.


Note that not all X clients will work in tunneled SSH sessions. See http://www.snailbook.com/faq/ under "X Forwarding" for some possible reasons and solutions.


Interestingly, X11 for Mac OS X seems to be more compatible with my Sun, SGI, Linux and HP-UX hosts than they are with each other. HP-UX clients particularly barf when I access them on the Sun. It's so nice having a wireless Unix laptop :)


Charles

Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • X11, Xhost and Display
    2008-04-09 06:59:31  leousr [View]

    So about a month ago, I started having a completely new random problem without changing anything myself...
    When I login using ssh -X or ssh -Y I can't get my the X11 DISPLAY forwarding to work without the xhost +x command (on the mac).
    I am logging into a linux box from Leopard. I am wondering if -- Some security update might have changed something

    Any ideas? It was all working a month ago. (I have all the X11 forwarding stuff set, etc)