From owner-freebsd-hardware Wed Jan 17 10:13:30 2001 Delivered-To: freebsd-hardware@freebsd.org Received: from ptavv.es.net (ptavv.es.net [198.128.4.29]) by hub.freebsd.org (Postfix) with ESMTP id DCE2637B401 for ; Wed, 17 Jan 2001 10:13:09 -0800 (PST) Received: from ptavv.es.net (localhost [127.0.0.1]) by ptavv.es.net (8.10.1/8.10.1) with ESMTP id f0HID1J01953; Wed, 17 Jan 2001 10:13:02 -0800 (PST) Message-Id: <200101171813.f0HID1J01953@ptavv.es.net> To: "Koster, K.J." Cc: hardware@freebsd.org Subject: Re: psmintr:out of sync In-reply-to: Your message of "Wed, 17 Jan 2001 18:54:21 +0100." <59063B5B4D98D311BC0D0001FA7E4522026D7B17@l04.research.kpn.com> Date: Wed, 17 Jan 2001 10:13:01 -0800 From: "Kevin Oberman" Sender: owner-freebsd-hardware@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Date: Wed, 17 Jan 2001 18:54:21 +0100 > From: "Koster, K.J." > Sender: owner-freebsd-hardware@FreeBSD.ORG > > The disadvantage of a KVM switch is that they actually need to be under your > desk. If you ssh into them and "export DISPLAY" back it doesn't matter if > they're under your desk or locked into a broomcloset at the other end of the > house as mine are. I sincerely hope that you are NOT exporting DISPLAY! This breaks security (not to mention being more work). SSH will tunnel X connections automatically and most clients including DataFellows, TTSSH, and SecureCRT support this. You only need to enable this on the client. It's usually c checkbox in GUI configurators and it's a single line in ssh_config for Unix clients. This causes your display to be set to localhost:N.0, where 'N' increments once for each ssh session starting (by default) at 10. This pseudo-display is actually linked to the ssh daemon which simply encrypts the data and passes it over the ssh tunnel. The ssh client decrypts it and passes it off to the X server as a local session. It surprises me how often I see people setting their DISPLAY variable and breaking this secure encryption. Considering how terribly weak X security is, I think that this is a very poor idea. R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hardware" in the body of the message