Re: Accessing RedHat Linux 8 system
- Subject: Re: Accessing RedHat Linux 8 system
- From: Sean Ahern <email@hidden>
- Date: Wed, 26 Feb 2003 16:09:19 -0800

bryan wrote:
> Thanks for your comments, however I have so far been led to believe that
> these commands are for use when not tunneling X applications via ssh
> (using the ssh -X command)

That's correct. Tunnelling X11 through X11 does not require xhost
authentication.

Joe Davison wrote:
> I don't see anyone mentioning "xhost" in this discussion. When I
> regularly used X11 between machines, one had to authorize the use of one
> machine from another, which is what xhost does.

It was discussed much earlier. You can search the archives for it.

The primary reason that you won't hear "xhost" as a way of doing
connections from one machine to another is that there are security issues.

First off, you're authenticating machines, not users. Thus, you are
opening up your machine to any user on that remote machine. In general,
you want to authenticate on a user-by-user basis. That's the domain of
xauth or ssh forwarding.

Second, even if you know that you can trust the other machine, your X11
command stream is not encrypted. That means that anyone on your network
can snoop your packets and reconstruct what you're doing. That's not as
much of a security hole as the xhost one offers, but is a vulnerability
nonetheless.

Forwarding the X11 connection through ssh is the most secure method
available. Not only does it provide user authentication, but it also
provides for encryption (and compression) of the forwarded X11 command
stream.

(In fact, we've often thought of removing the "xhost" command from
machines, just so that users can't open the hole it creates.)

-Sean
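
Added example, not part of the original message: a shell function that reads the output of xhost and separates host-level grants (the "machines, not users" problem described above) from per-user entries. The function name audit_xhost, the sample output, the host name and the user name are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies each line of `xhost` output read from stdin.
# Returns 1 if access control is off or any host-level grant is present.
audit_xhost() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "CRITICAL: access control off, any host can connect"
                rc=1 ;;
            "access control enabled"*)
                echo "OK: access control enabled" ;;
            SI:localuser:*)
                # Server-interpreted entry scoped to one local user.
                echo "OK: per-user grant (${line#SI:localuser:})" ;;
            SI:localgroup:*)
                echo "OK: per-group grant (${line#SI:localgroup:})" ;;
            "")
                ;;
            *)
                # Anything else (INET:host, INET6:host, bare host name)
                # authorizes the machine, so every user on it gets in.
                echo "WARN: host-level grant ($line): all users on that host"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample of xhost output (not captured from a real system).
SAMPLE_XHOST_OUTPUT='access control enabled, only authorized clients can connect
INET:build01.example.com
SI:localuser:alice'

printf '%s\n' "$SAMPLE_XHOST_OUTPUT" | audit_xhost \
    || echo "RESULT: host-level access is open on this display"
```

On a live display the same check is run as: xhost | audit_xhost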