On Sat 07 Dec 2024 at 08:39:54 (-0700), pe...@easthope.ca wrote: > > Unencrypted login sessions, with passwords being > > sent in the clear over a network, are inherently insecure. > > You give a password every time a xterm or similar is opened? To my > understanding, most users just open the term and go at the command line.
You don't open the xterm on the remote system, but on your own local system, which requires no password. In that xterm, you then use ssh to login on the remote computer, and that's when you either type a password or rely on the exchange of ssh keys. Everything in the session that passes across the network is encrypted by ssh. If, in that remote shell, you open a graphical program that wants to display on your screen, it connects to a proxy X server on the remote machine, which forwards the connection to your local machine through an encrypted channel provided by the ssh. This all happens automatically, because ssh sets the variable DISPLAY on the remote system to a string like localhost:10.0, rather than the :0 that you normally see on the local system. Cheers, David.
