l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2005 Mar 17 14:26

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Exporting displays
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Exporting displays



on Wed, Mar 16, 2005 at 10:42:41PM -0800, Mark K. Kim (lugod@cbreak.org) wrote:
> On Wed, 16 Mar 2005, John Wojnaroski wrote:
> [snip]
> > I'm trying to login into a remote host and have the host export the screen
> > display back to my machine
> [snip]
> > "export DISPLAY=my_ip_address:0.0"  returns something like "Xlib: client is
> > not authorized to connect to server" which seems to indicate that something
> > is missing or lacking on the local machine.  Any suggestions where to look?
> [snip]
> 
> That'll work except your local computer isn't letting the connection
> through for security reasons.  On your *local* computer, type this:
> 
>    $xhost +

BAD MARK.  NO DONUT.  OR COOKIE.

Please do NOT suggest people try this, particularly...
 
> *but* this will work only if your local computer is connected directly to
> the Internet.

...on live Internet connections.


Fortunately, most modern X servers toss a few additional roadbumps in
front of idiots trying to attempt this.  I'm not going to detail these
here, and would appreciate if nobody else does.  The act of Googling for
the workarounds is itself an exercise which might educate same as to why
this is a blatently *STUPID* idea and grossly incompetent advice.
 
> The better way is to use ssh with the -X option to connect to the remote
> computer in the first place.  

This should be your only answer.

> Not only does ssh setup the X forwarding for
> you automatically (not need to do "export blah blah" or "xhost blah blah"
> or be concerned about not being connected directly to the Internet), but
> your connection will be secure.  But this works only if the remote
> computer has a ssh server with X forwarding enabled, which it is by
> default on most systems I've seen.  

Not, FYI, Debian.  Not sure of Ubuntu, haven't checked yet.  I've got
access to 9.x builds of MDK and SuSE to look at as well.

> The drawback is the connection will be a little slower than it would
> be on an insecure system, but it shouldn't be noticeable under most
> circumstances.

More specifically:  video and multimedia performance will likely be
unsatisfactory (flash, DVD viewing, etc.).  There's too much processing
overhead.

The '-C' option compresses the data (this actually _increases_ latency,
but decreases total bandwith requirements and may speed systems on slow
links).  Using a fast cipher (Blowfish) can alleviate problems,
particularly on slower hardware.  Hardware lacking an FPU (floating
point (processing) unit) will perform _far_ worse than those with.

Use of lbxproxy may also provide performance benefits in some
configurations (slow links).


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    MX Radio - With Bob Edwards, who needs NPR?       http://www.xmradio.com/

Attachment: signature.asc
Description: Digital signature

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.