On Fri, 24 May 2002, Kyle McDonald wrote:

> While all of the things you list below will work. None
> of them are needed. X11 will do this on it's own, assuming
> that neither machine is blocked/protected by a firewall.
> 
> On the machine you want to run the X client software (the application)
> on set your DISPLAY variable to the name of the machine running the
> X server software followed by a colon, and the display number on that
> machine that you want to display the application on (usually 0 but it
> can be other values also.) Something like this:
> 
> export DISPLAY=server.host.com:0
> 

Of course this can be done. The problem is that he's doing this over the
Internet, an insecure network, and thus is not a recommended option. 

> Then depending on how that Xserver is configured, you may or may not
> need to do the following step. Try it first without doing this. If
> it doesn't work then, on the machine running the Xserver, there are
> a few things you can try, the easiest of which is to allow the client
> application host to connect to the server by running:
> 
> xhost + client.host.org
> 
> Lastly just run your X application:
> 
> xterm&
> 
> Of course there are security issues with anything you do across the internet,
> and these instructions were written for ease of use, not security.
> 
> There are more secure ways to allow connections to an Xserver rather than
> using 'xhost +'. 'xauth' is a better way, and not much harder but longer to
> explain.

Marginally better. It still sends everything in the clear once
authentication occurs. 

> 
> None of the access control mechanisms do any encryption.
> 
> Of the choices listed below, VNC has all the same security issues as
> plain X, althought it may have lower bandwidth requirements. I don't
> know from the original posters message if bandwidth is a problem.

VNC can also be tunneled across SSH. This is probably the best option
from a security/bandwidth POV. 

> 
> The last two VPN and SSH are basically the same (SSH in effect gives you
> a VPN) and both will encrypt all traffic while probably also providing
> some element of access control (it really depends on the rest of your setup.)
> SSH I beleive does do some compression also.
> 

Not exactly. SSH is only port-forwarding from one host to another. It's
not a VPN in the sense that the hosts become part of the same network. 



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to