From owner-freebsd-security Thu Jun 24 8:23: 3 1999 Delivered-To: freebsd-security@freebsd.org Received: from atdot.dotat.org (atdot.dotat.org [150.101.89.3]) by hub.freebsd.org (Postfix) with ESMTP id C496D14D20 for ; Thu, 24 Jun 1999 08:22:30 -0700 (PDT) (envelope-from newton@atdot.dotat.org) Received: (from newton@localhost) by atdot.dotat.org (8.9.3/8.7) id AAA25556; Fri, 25 Jun 1999 00:50:32 +0930 (CST) From: Mark Newton Message-Id: <199906241520.AAA25556@atdot.dotat.org> Subject: Re: X and SSH To: mjung@npc.net (Jung, Michael) Date: Fri, 25 Jun 1999 00:50:32 +0930 (CST) Cc: security@FreeBSD.ORG In-Reply-To: from "Jung, Michael" at Jun 24, 99 11:23:42 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jung, Michael wrote: > I have been reading these threads and unless I missed something > this has not seen this addressed. Suppose you use ssh, tterm etc to > securely connect to a host. Once on the host you want to export your > display back to a client so you can bring up a X application. How does > one have the X session encrypted? ssh does this for you: It automatically sets up your $DISPLAY to point to a tunnel passed back across the encrypted session. All X11 traffic is encrypted as a result (unless you override the $DISPLAY setting by manually setting it or passing a -display parameter to an X client). You can get a similar effect by running: ssh -R 6009:localhost:6000 foo.bar.com ... and manually setting your $DISPLAY to localhost:9.0 when you have successfully logged in to it. You never need to do this manually, though, because ssh configures X11 forwarding by default. - mark -------------------------------------------------------------------- I tried an internal modem, newton@atdot.dotat.org but it hurt when I walked. Mark Newton ----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message