From owner-freebsd-security Wed Jun 9 0:12:34 1999 Delivered-To: freebsd-security@freebsd.org Received: from is2.nyu.edu (IS2.NYU.EDU [128.122.253.135]) by hub.freebsd.org (Postfix) with ESMTP id 4C89615401; Wed, 9 Jun 1999 00:12:25 -0700 (PDT) (envelope-from hqy2446@is2.nyu.edu) Received: from localhost (hqy2446@localhost) by is2.nyu.edu (8.8.8/8.8.7) with SMTP id DAA11783; Wed, 9 Jun 1999 03:12:25 -0400 (EDT) Date: Wed, 9 Jun 1999 03:12:25 -0400 (EDT) From: hqy2446 To: Eivind Eklund Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: newbie question: ssh In-Reply-To: <3.0.6.32.19990609015904.007faa30@is2.nyu.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 9 Jun 1999, Eivind Eklund wrote: > Date: Wed, 09 Jun 1999 01:59:04 -0400 > From: Eivind Eklund > To: hqy2446@nyu.edu > Subject: Re: newbie question: ssh > > On Tue, Jun 08, 1999 at 03:07:49AM -0400, hqy2446 wrote: > > I have a newbie question regarding X connection forward by ssh. > > > > After I installed ssh-1.2.27 and ssh-2.0.13, I was unable to use 'X > > connection forwarding' at certain servers. Now I tried this command: > > > > $ ssh -l [username] [remote host] xterm -display [my ip address]:0.0 > > > > xterm of the remote host was opened and I could run X clients on the host. > > > > I want to make sure that this connection is secured or not by experts or > > experienced users of ssh. > > Not secured. > > > And one more question: What is the difference between above way of > > connection and just a connection to a remote host by ssh(just like a > > telnet) and run X clinets at the remote host shell? > > ssh will normally set up an emulated display at localhost:10.0 (or > 11.0, 12.0, etc - depends on how many other ssh users you have.) This > is securely forwarded, and is what you'll normally use. Your setup > makes the program use an insecure connection over the normal net > instead. > > Eivind. > > Thanks for your reply. Now I have a question. How can I make a secure connection to a remote host using by ssh? My FreeBSD box is stand-alone, I am the only user. I re-complie ssh-1.2.27 and ssh-2.0.13 with X connection forward option (it was default option, though). I still can't make X connection forward to a certain remote host, not all of them. What I did is $ xhost +[remote host] and then $ ssh -l [my user name] [remote host] or, $ DISPLAY=[my ip address]:0.0; export DISPLAY $ ssh -l [my user name] [remote host] Both of above, usually shell connection is fine, but X connection. When I tried to open a X client, I got this error message: 'Error: Can't open display: :0' The following is 'ssh -v' message: $ ssh -v -l [user name] [remote host] debug: hostname is 'foo.bar'. debug: Unable to open /home/foo/.ssh2/ssh2_config debug: connecting to foo.bar... debug: entering event loop debug: ssh_client_wrap: creating transport protocol debug: ssh_client_wrap: creating userauth protocol debug: Ssh2Transport/trcommon.c:592/ssh_tr_input_version: Remote version: SSH-1.99-2.0.12 (non-commercial) debug: Remote version: SSH-1.99-2.0.12 (non-commercial) debug: Host key found from the database. debug: Ssh2Common/sshcommon.c:155/ssh_common_special: special packet received from connection protocol: 3 debug: Ssh2Common/sshcommon.c:155/ssh_common_special: special packet received from connection protocol: 4 debug: Unable to open /home/foo/.ssh2/identification password: debug: Ssh2Common/sshcommon.c:155/ssh_common_special: special packet received from connection protocol: 6 debug: Ssh2/ssh2.c:304/client_authenticated: client_authenticated debug: Ssh2Common/sshcommon.c:466/ssh_common_new_channel: num_channels now 1 Last login: Wed Jun 9 01:45:13 1999 % Any help would be greatly appreciately. Thanks again. -Paul To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message