Mailing List Archive



Re: [tlug] Securing X-Window Protocol



>>>>> "Ian" == Ian Wells <ijw@example.com> writes:

    Ian> On 15/02/06, Jim <jep200404@example.com> wrote:

    >> Ssh can securely transport the X protocol.


    Ian> Works fine for what it is, but it's a tunnel rather than part
    Ian> of the X protocol, which is kind of cheating...

I don't understand what is "cheating" about that.

The X protocol was carefully designed for this.  It turns out that
it's easy to botch that.  The Coda file system, for one, did botch its
transport protocol.  It does not work very well over IPsec because of
packet fragmentation issues.

    Ian> On 15/02/06, Stephen J. Turnbull <stephen@example.com> wrote:

    >> As far as the X server is concerned, port-forwarded clients are
    >> just ordinary clients calling on (usually) port 6000.

    >> It's really that simple, so I'd be very surprised at anything
    >> that didn't work.

    Ian> <pedant> Network sound server </pendant>

    Ian> Seriously, though, if a program expects X *and something else
    Ian> as well* to be available on the machine, ssh can confuse the
    Ian> issue...

Your programs are always expecting something else to be available
... GNOME user, I guess?  What do they do if you just don't have the
hardware, kill your login process?  ;-)

Yes, I suppose ssh confuses the issue if you think of sound as part of
your networked workstation.  Put

    RemoteForward 8010:localhost:8000

in .ssh/config and you can forget that too.  It won't quite work; for
example, if there's already an active X forward on that host, you'd
need 8011, if I understand the NAS convention for use of DISPLAY
correctly.

I bet getting it right would be an easy hack on OpenSSH.

-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
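
Added example, not part of the original message: a shell helper for the port arithmetic behind the 8010 versus 8011 remark above. It assumes the convention the message itself hedges on (a NAS client uses TCP 8000+N for display N, as an X client uses 6000+N); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumption: a NAS client derives its TCP port from DISPLAY as 8000+N,
# the way an X client uses 6000+N. Function names are hypothetical.

# Print the display number N of a DISPLAY value such as "localhost:10.0".
# Returns 1 when the value has no ":N" part.
display_number() {
    dn=${1##*:}                       # text after the last colon
    [ "$dn" != "$1" ] || return 1     # no colon present
    dn=${dn%%.*}                      # drop the optional ".screen"
    case $dn in
        ''|*[!0-9]*) return 1 ;;      # empty or non-numeric
    esac
    # Strip leading zeros so the shell does not read the number as octal.
    while [ "${#dn}" -gt 1 ] && [ "${dn#0}" != "$dn" ]; do dn=${dn#0}; done
    printf '%s\n' "$dn"
}

# Print the .ssh/config line that lines up with the given remote DISPLAY.
nas_forward_line() {
    nf=$(display_number "$1") || return 1
    printf 'RemoteForward %s:localhost:8000\n' "$((8000 + nf))"
}

# Succeed only if a forward on remote port $2 is where a NAS client
# started under DISPLAY=$1 would look.
forward_matches() {
    fm=$(display_number "$1") || return 1
    [ "$2" -eq "$((8000 + fm))" ]
}

# Constructed DISPLAY values: first and second X forward on one host.
for disp in localhost:10.0 localhost:11.0; do
    if forward_matches "$disp" 8010; then state=matches; else state=misses; fi
    printf '%s: static 8010 %s; needs "%s"\n' \
        "$disp" "$state" "$(nas_forward_line "$disp")"
done
```

Run it inside the remote session, where sshd has already set DISPLAY, to see whether the static forward lines up with that session.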

