Date: Sat, 29 Jun 2002 20:18:51 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Gary Jennejohn <garyj@jennejohn.org> Cc: Kent Stewart <kstewart@owt.com>, Jan Rocho <kraftwerk@gmx.net>, freebsd-questions@FreeBSD.ORG Subject: Re: x-server remote connection problem Message-ID: <20020629191851.GA18775@happy-idiot-talk.infracaninophi> In-Reply-To: <200206291827.g5TIRpBQ050586@peedub.jennejohn.org> References: <3D1DF9CC.1050507@owt.com> <200206291827.g5TIRpBQ050586@peedub.jennejohn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jun 29, 2002 at 08:27:51PM +0200, Gary Jennejohn wrote:
> Kent Stewart writes:
> > Jan Rocho wrote:
> > > There is another X-Problem. I have two computers, one running Linux
> and the
> > > other running FreeBSD. When I ssh into my linux system and do
> > > export DISPLAY="192.168.1.2:0" and then start an application I get a
> > > conncetion error message. It can't connect to the X-Server on my
> FreeBSD sy
> > stem. I
> > > have however allowed all connections to the X-Server (xhost +). So
> that sho
> > uld
> > > work. Then I portscanned my FreeBSD system and found out that there is
> no
> > > Port for the X-Server open. How do get around that problem?
> >
> >
> > I am not sure at this point but I usually have to "xhost
> > other_computer" before it will start the xterm on the other computer.
> >
>
> Another possiblity, if you use startx to start X, is that the server
> was started with "-nolisten tcp". If that's the case then you have
> to do ``startx -listen_tcp'' to avoid that. It's documented in the
> startx manpage.
Even better is to ensure that you have `X11Forwarding yes' in
sshd_config and ssh_config on both machines. Then when you ssh into
your other host, you should find that the DISPLAY variable is
automatically set to something like DISPLAY=otherhost:10, and any X
applications you start on otherhost will display on your desktop using
an encrypted ssh tunnel between the two hosts.
You can use "-nolisten tcp" on your desktop with this scheme, and it's
not necessary to use xhost to relax access control either.
Note that saying xhost+ on a machine with Internet access is horribly
insecure. That gives open access to your X display, and Mr Blackhat
can do very nasty things to you like putting a transparent window over
your whole display and so capturing all keystrokes you make. Not
good. Running X sessions unencrypted over a network is about as
snoopable as using, say, telnet so be careful about where you do that
too.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
Tel: +44 1628 476614 Marlow
Fax: +44 0870 0522645 Bucks., SL7 1TH UK
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020629191851.GA18775>