Re: Oh dear - another clueless 'setenv DISPLAY' question...
Re: Oh dear - another clueless 'setenv DISPLAY' question...
- Subject: Re: Oh dear - another clueless 'setenv DISPLAY' question...
- From: "Piotr Grzybowski" <email@hidden>
- Date: Fri, 10 Oct 2008 22:56:26 +0200
i mentioned the issue in the original mail in the P.S. section.
unless you have some unfriendly people around,
with access to your machine you do not need to worry.
and there is no way to check on the sshd side if the user
has the keys encrypted with a password. the private keys
are never sent anywhere so safety of your machine,
more or less, equals the safety of your private key.
cheers,
pg
On Fri, Oct 10, 2008 at 10:51 PM, Michael Reilly
<email@hidden> wrote:
>
>
> email@hidden wrote:
>> Holy smoke - that worked!! Thank you (and Jim) very much :-)
>>
>> Mick.
>>
>> -------------- Original message ----------------------
>> From: "Piotr Grzybowski" <email@hidden>
>>> Hullo,
>>>
>>> to display xwindow applications on your display
>>> (machine A), you need to forward the x11 connection
>>> over, e.g., ssh. from the machine A run:
>>>
>>> ssh -X yourlogin@remotemachine nameoftheapp
>>>
>>> in order to login without password, run on machine A:
>>>
>>> ssh-keygen -t rsa
>>> (when asked a question hit enter, and then enter)
>>>
>>> then take from machine A ~/.ssh/id_rsa.pub and copy it to
>>> ~/.ssh/authorized_keys on the remote machine.
>>> provided that the sshd is setup correctly you should be able
>>> to login without pass.
>>> works?
> As previously mentioned your key is not password protected unless you set a
> password on it. Many companies have outlawed using ssh with RSA (or DSA in ssh
> v2) keys for this very reason. Protect your keys with a password and use
> ssh-agent. I wouldn't allow anyone to access my ssh server using an unprotected
> key.
>
> michael
>>>
>>> your,
>>> pg
>>>
>>> P.S.
>>> keep in mind that your keys (generated by ssh-keygen)
>>> once you had pressed enter instead of typing a password
>>> are not encrypted. when you use the machine A in
>>> unfriendly enviroment and have some malicious super
>>> users around, you should consider using some key managers, like
>>> keychain from gentoo, with ssh-agent, etc.
>>>
>>>
>>> On Fri, Oct 10, 2008 at 9:44 PM, <email@hidden> wrote:
>>>> Hi,
>>>>
>>>> I have an old environment at work that I'm trying to resurrect whereby I use
>>> my Mac and X11 to run CAD jobs on my linux box and display their windows back on
>>> my Mac. I used to do this by running a script that was invoked when I
>>> double-clicked on the icons of the CAD package files. That script looked like:
>>>> xhost + my_linux_machine
>>>> rsh my_linux_machine -l mueck "source ~/.login; setenv DISPLAY
>>> my_macs_IP_address:0; cad_command &"
>>>> The beauty of the above was that I didn't have to enter my password for the
>>> rsh command because I had my Mac listed in the linux box's .rhosts file i.e. my
>>> Mac was granted permission with no questions asked.
>>>>
>>>> Now I know that the latest X11 frowns upon setting DISPLAY and I can easily
>>> do:
>>>> ssh -Y mueck@ my_linux_machine
>>>> -- enter my password
>>>> cad_command
>>>>
>>>>
>>>> However when automating the ssh method via double-click it's a major pain to
>>> have to enter my password all the time. Can some kind soul please tell me how to
>>> either modify the rsh method to get around the DISPLAY thing, or advise some way
>>> to get around the password requirement in the ssh method. Regarding the ssh
>>> method, I've already tried making a ~/.shosts file and a ~/.ssh/known_hosts file
>>> but neither work. Going to our IT department (who don't like Macs) is not an
>>> option.
>>>> I'm only just average at unix & X11 stuff...
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Mick
>>>>
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> X11-users mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>> This email sent to email@hidden
>>>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> X11-users mailing list (email@hidden)
>>
>> This email sent to email@hidden
>
> --
> ---- ---- ----
> Michael Reilly email@hidden
> Sedona, Arizona
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden