Re: [TCLUG:8991] Remote X from Windows

To: "tclug-list@mn-linux.org" <tclug-list@mn-linux.org>
Subject: Re: [TCLUG:8991] Remote X from Windows
From: Peter Lukas <peter@math.umn.edu>
Date: Wed, 6 Oct 1999 10:21:28 -0500 (CDT)
In-Reply-To: <37FB5974.D0092EF@mn.uswest.net>

You can connect directly to the X server, but that's not really a
security-conscious move,  Use an SSH client to connect to the X-Windows
machine from the NT machine.  Enable X11 forwarding in the SSH client from
the X Server machine to your NT machine and tell the local X-Server to get
requests from the loopback device.  That way, all X11 traffic travels over
the encrypted connection to your display and cannot be easily sniffed by
outsiders.

Most X Windows / OpenWindows connections are made on port 6000 and up of
the host machine.  The host machine broadcasts that availability to anyone
within an earshot, allowing them to make connections to the X server.
What's more, keystroke and other information may be captured by remotely
sniffing those ports.  Do the right thing and either block connections to
port 6000 with a packet filter like ipchains or disable "Chooser
Broadcast" and other connection requests inside your x/k/gdm
configuration.

As mentioned above, you can always forward X11 traffic over the SSH
connection and use X11 apps under the local windows X server with a
relatively high level of security.

Peter Lukas

On Wed, 6 Oct 1999, Perry Hoekstra wrote:

> Greet the sun all,
> 
> What do you need to do in order to enable remote X working on a Linux
> box?  I have StarNet on my NT box and I would like to use it in
> conjunction with my Linux server.  Everywhere else I have been, the
> Solaris sysadmins have been there before me and done the grunt work to
> get StarNet/Exceed to work in a Unix environment. I remember a past
> discussion on this and it involved setting permissions for remote
> attachment and the like.  I looked at the archives but could not find
> the thread.
> 
> Thank you,
> 
> --
> 
> Perry Hoekstra - dutchman@mn.uswest.net
> -------------------------------------------------
> All that is Microsoft does not glitter,
> Not all those who wander are lost;
> The old AT&T Unix that is strong does not wither,
> Deep roots are not reached by frost.
> 
> >From the ashes of Spec1170 a fire shall be woken,
> A light from the shadows shall spring;
> Renewed shall be the Unix OS that was broken,
> Linux shall be king.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
> 
>

Follow-Ups:
- X over SSH thru IPMasq
  - From: Michael Hicks <hick0088@tc.umn.edu>

References:
- Remote X from Windows
  - From: Perry Hoekstra <dutchman@uswest.net>

Prev by Date: sb live! and 2.2.5-15
Next by Date: X over SSH thru IPMasq
Prev by thread: Remote X from Windows
Next by thread: X over SSH thru IPMasq
Index(es):
- Date
- Thread