LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-02-2001, 02:14 AM   #1
green_t
LQ Newbie
 
Registered: Mar 2001
Posts: 7

Rep: Reputation: 0

I sometimes telnet into another *nix workstation (usually sun unix) and do "setenv DISPLAY my.ip.ad.dr:0.0" so that I can run Xapplications from that computer that display on my computer. I've run "xhost +ot.he.r.ip" on my computer so that the remote computer is allowed to connect to me. I wanted to know if there's any security risk I should be concerned about. Also, is there any way to do it encrypted?

green_t
 
Old 03-02-2001, 03:09 AM   #2
mathi
Member
 
Registered: Nov 2000
Distribution: Slackware
Posts: 74

Rep: Reputation: 15
I don't know whether there's a way to encrypt the X-protocol, but it might be a good idea to use ssh instead of telnet.
 
Old 03-05-2001, 09:05 PM   #3
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,020

Rep: Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749
As long as you trust other.ip you should be OK. If I were you I would use SSH. You can set it up to automatically forward X11 packets.

This is from the OpenSSH man page
Quote:
X11 and TCP forwarding

If the user is using X11 (the DISPLAY environment variable is set), the
connection to the X11 display is automatically forwarded to the remote
side in such a way that any X11 programs started from the shell (or com*
mand) will go through the encrypted channel, and the connection to the
real X server will be made from the local machine. The user should not
manually set DISPLAY. Forwarding of X11 connections can be configured on
the command line or in configuration files.

The DISPLAY value set by ssh will point to the server machine, but with a
display number greater than zero. This is normal, and happens because
ssh creates a ``proxy'' X server on the server machine for forwarding the
connections over the encrypted channel.

ssh will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie, store
it in Xauthority on the server, and verify that any forwarded connections
carry this cookie and replace it by the real cookie when the connection
is opened. The real authentication cookie is never sent to the server
machine (and no cookies are sent in the plain).

If the user is using an authentication agent, the connection to the agent
is automatically forwarded to the remote side unless disabled on command
line or in a configuration file.

Forwarding of arbitrary TCP/IP connections over the secure channel can be
specified either on command line or in a configuration file. One possi*
ble application of TCP/IP forwarding is a secure connection to an elec*
tronic purse; another is going trough firewalls.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
xhost + mlykam Linux - Software 3 03-17-2005 09:50 AM
xhost + RoaCh Of DisCor Slackware 3 10-02-2004 04:31 PM
xhost invasian Linux - Newbie 3 08-08-2004 08:01 PM
xhost / Security issue ganninu Linux - General 1 12-08-2003 12:49 PM
security and xhost+ marlaina1 Linux - General 4 01-03-2002 09:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration