[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPNAT and X-Traffic

On Tue, Feb 15, 2000 at 10:20:20AM -0600, Byron Pearce wrote:
> Sam:
> > Thus, external connections to the NAT box would be forwarded to your X
> > client (The Linux system?). Note Well: I would STRONGLY encourage you
> > to examine
> > http://www.motifzone.com/tmd/articles/X_Security_1/security.html
> > before embarking on making X available to the outside (even on a
> > limited scale). IP access control, etc. should be strongly considered.
> > I usually make an external connection to the X Box via SSH and use SSH
> > to open an external screen. Proper use of xauth and similar tools will
> > make for a more secure system.
> That is exactly my plan.  When I was testing, I was SSH-ing into the
> appropriate box, setting DISPLAY, and attempting to execute a simple
> xterm.  I understand what you are saying, and I wouldn't dream of opening
> up the x ports to the world.  I will SSH in and control access via xhost
> (as you mentioned).

SSH does X11 forwarding along the SSH connection.  Read the ssh(1) man
page thoroughly.

David Terrell            | But remember that "layman" is just a polite 
dbt_(_at_)_meat_(_dot_)_net             | word for "idiot." 
http://wwwn.nebcorp.com/ |  - Neal Stephenson