Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I sometimes telnet into another *nix workstation (usually sun unix) and do "setenv DISPLAY my.ip.ad.dr:0.0" so that I can run Xapplications from that computer that display on my computer. I've run "xhost +ot.he.r.ip" on my computer so that the remote computer is allowed to connect to me. I wanted to know if there's any security risk I should be concerned about. Also, is there any way to do it encrypted?
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,602
Rep:
As long as you trust other.ip you should be OK. If I were you I would use SSH. You can set it up to automatically forward X11 packets.
This is from the OpenSSH man page
Quote:
X11 and TCP forwarding
If the user is using X11 (the DISPLAY environment variable is set), the
connection to the X11 display is automatically forwarded to the remote
side in such a way that any X11 programs started from the shell (or com*
mand) will go through the encrypted channel, and the connection to the
real X server will be made from the local machine. The user should not
manually set DISPLAY. Forwarding of X11 connections can be configured on
the command line or in configuration files.
The DISPLAY value set by ssh will point to the server machine, but with a
display number greater than zero. This is normal, and happens because
ssh creates a ``proxy'' X server on the server machine for forwarding the
connections over the encrypted channel.
ssh will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie, store
it in Xauthority on the server, and verify that any forwarded connections
carry this cookie and replace it by the real cookie when the connection
is opened. The real authentication cookie is never sent to the server
machine (and no cookies are sent in the plain).
If the user is using an authentication agent, the connection to the agent
is automatically forwarded to the remote side unless disabled on command
line or in a configuration file.
Forwarding of arbitrary TCP/IP connections over the secure channel can be
specified either on command line or in a configuration file. One possi*
ble application of TCP/IP forwarding is a secure connection to an elec*
tronic purse; another is going trough firewalls.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
