Thursday, November 19, 2009

Method for "The INSECURE X11" connection

If you have already setup an ssh connection to your remote machine, then getting the X11 client application (on the remote) to show up on your (local) diplay is easy.

CAVEAT: THIS IS THE INSECURE METHOD THE SSH PEOPLE ARE ALWAYS WARNING ABOUT.

Before you login to the remote machine make sure your X11 server (Note: the server runs the display, not the programs, clients, or applications.), make sure it is listening for TCP connections. MANY X11 display managers have this turn OFF by default, John has shown how to do this in his article for gdm (gnome)

I use icewm, so I just use startx(1). As such, the following is at the end of my .login file.

echo Starting X in 3 seconds
sleep 3
startx -listen_tcp

Next, login to the remote machine and at the commandline enter:

$ export DISPLAY=192.168.123.100:0.0

then test your connection with

$ xterm


Then rather than hardcode the display add the following to your .chsrc or .bashrc file:

if [ -n "$SSH_CLIENT" ]
then
X=`echo $SSH_CLIENT | cut -f 1 -d " "`
# The insecure way
#export DISPLAY=$X:0.0
# The secure way
if [ "$X" = "192.168.123.100" ]
then
export DISPLAY=127.0.0.1:1
fi
#echo X $X
fi


NOTE #1: Substitute your domainname or your IP for 192.168.123.100.

NOTE #2: Your SSH shell/terminal will not close, if you have an X application running the secure way.

NOTE #3: This method is extremely useful, if you have control of your firewall.

No comments: