< Day Day Up > |
17.11.1 ProblemYou like running remote X sessions, but you know that they are completely insecure, so you want to run X over SSH. 17.11.2 SolutionFollow the previous recipes to get SSH configured and running, then enable X forwarding on the SSH server, in /etc/ssh/sshd_config. Then use the -X flag when you start your SSH session. Put this line in /etc/ssh/sshd_config on the SSH server: X11Forwarding yes Then connect to the server with the -X flag: $ ssh -X saturn.test.net Run this command to test that X forwarding is working: $ echo $DISPLAY localhost:10.0 If it weren't, it would return a blank line. Now you can run any X program installed on the server as though it were local. Try this for a simple test: $ xeyes Or run glxgears, or any X program that is installed on the server. 17.11.3 DiscussionUsing SSH for remote X sessions is both simpler and more secure than running a plain-vanilla X session without SSH, which is not secure at all. However, it still carries some risks. Use this to connect only to trusted hosts, because a snoopy admin can easily capture your keystrokes or logins, or even connect to your local desktop and snoop even more. Make sure your local ~/.Xauthority file is mode 600, to prevent unprivileged users on the remote host from also joining in the snooping. Be sure that these entries are in your local /etc/ssh/ssh_config file and any ~/ ssh/ssh_config files on your system: Host * ForwardX11 no ForwardAgent no It's important to ensure that X forwarding is turned off, except when you absolutely need it. Depending on your physical distance from the remote server and the speed of your network connection, you may notice some lag in your keystrokes or mouse movements, as the X protocol is a bit of a network hog. 17.11.4 See Also
|
< Day Day Up > |