On Thu, 2002-03-07 at 18:13, Hans Ekbrand wrote:
> On Tue, Mar 05, 2002 at 01:44:40PM -1000, Joseph Dane wrote:
> > >>>>> "Hans" == Hans Ekbrand <[EMAIL PROTECTED]> writes:
> >
> > Hans> This tip is bad. It does not work. The first line makes the
> > Hans> following fail (or, I think, in case of bad security on client
> > Hans> succeed but by-pass the ssh-tunnel).
> >
> > no, it works as expected. if the tip had been
> >
> > client> ssh -X server
> > server> export DISPLAY=client:0.0 # DON'T DO THIS!!!
> > server> netscape&
> >
> > then that would have been bad. but that's not what was in the post.
>
> Since no one else has disputed this post yet, I think it is time to do
> so. I have used X-forwarding over SSH enough to know that you need not
> and you should not set $DISPLAY manually.
>
> I fail to understand why you came up with the example above. No one
> has suggested or commented any such thing.

I wasn't subscribed when the first post came in so I'm exempt. But I agree
completely. Leave out the export DISPLAY. Doing the above *works* but
bypasses any X forwarding ssh sets up for you and sends the X forwarding
directly to the client without encryption.

In fact the default DISPLAY setting on a -X login is connected to the
server itself...

water$ ssh -X [EMAIL PROTECTED]
fire$ export | grep DISPLAY
declare -x DISPLAY="fire:10.0"

The server is set to forward it to itself. X display 10 (port 6010) is ssh
listening for connections so it can forward them. ssh is so clever it even
handles the xauth cookies transparently.

Now ssh -A, now that's powerful!

Crispin
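
A check for the failure mode discussed in this thread, added here as an example and not part of any of the original messages: it parses a DISPLAY value on the server side and reports whether X traffic would go to sshd's forwarding listener on the server itself or straight to another host without encryption. The function name and output labels are made up for illustration, and the threshold of 10 assumes sshd's default X11DisplayOffset.

```shell
#!/bin/sh
# Added example (not from the thread). Classify a DISPLAY value seen in a
# shell on the ssh server. Names and output labels are illustrative.
# Assumption: sshd uses its default X11DisplayOffset of 10, so forwarded
# displays are numbered 10 and up on the server itself.
# Usage: classify_display VALUE [THIS_HOSTNAME]
classify_display() {
    disp=$1
    self=${2:-$(hostname 2>/dev/null)}
    case $disp in
        *:*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    host=${disp%:*}     # part before the last colon (may be empty)
    num=${disp##*:}     # "N" or "N.S"
    num=${num%%.*}      # display number N
    case $num in
        ''|*[!0-9]*|0[0-9]*) echo "invalid"; return 1 ;;
    esac
    port=$((6000 + num))    # X11 over TCP listens on 6000 + display number
    case $host in
        ''|unix) echo "local-socket"; return 0 ;;
        localhost|127.0.0.1) own=yes ;;
        *)  own=no
            # Compare short host names so fire and fire.example.org match.
            [ -n "$self" ] && [ "${host%%.*}" = "${self%%.*}" ] && own=yes ;;
    esac
    if [ "$own" = yes ] && [ "$num" -ge 10 ]; then
        echo "ssh-forwarded $port"        # sshd's listener; tunnelled
    elif [ "$own" = yes ]; then
        echo "local-tcp $port"            # an X server on this machine
    else
        echo "direct-remote $host $port"  # bypasses the tunnel, cleartext
        return 2
    fi
}

# Constructed sample values: the two DISPLAY settings from the thread,
# plus a plain local display.
for d in fire:10.0 client:0.0 :0; do
    printf '%-12s -> %s\n' "$d" "$(classify_display "$d" fire)"
done
```

A "direct-remote" result in a session opened with ssh -X means DISPLAY was overridden after login, which is the case the thread warns about.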