Re: trying to secure xdmcp over ssh - macbook pro <---> linux
Re: trying to secure xdmcp over ssh - macbook pro <---> linux
- Subject: Re: trying to secure xdmcp over ssh - macbook pro <---> linux
- From: Jeremy Huddleston <email@hidden>
- Date: Mon, 27 Sep 2010 09:38:14 -0700
On Sep 27, 2010, at 03:43, Audio Phile wrote:
>> Does this work for you?
>>
>> xinit /usr/bin/ssh -Y user@linux gnome-session --
>> /usr/X11/bin/Xnest :5 -geometry 1270x750 -ac
>>
>> I'm not sure if it will handle password authentication, so
>> make sure you use ssh keys for authentication. You
>> should get a nice graphical passphrase request, or you can
>> use 'ssh-add' beforehand.
>
> You're correct in that it doesn't allow me to type a password. I can't use ssh keys on my Linux box for security reasons since this laptop could get stolen and with it the key to the server. Your solution is much more elegant than what I came up with:
If that happens, you just delete the key from the authorization file...
> #!/bin/bash
> Xnest :1 -geometry 1250x750 -ac & xterm -display :1 -e "ssh -Y user@linux -n gnome-session"
You're itching to hit a race condition if you do that. That's essentially the same thing as what I suggested but with an extra xterm and this race problem.
>
> My script is clunky because
>
> 1) The user has to move the mouse over the xterm within the Xnest to authenticate.
> 2) Once it loads up the xterm needs to be minimized.
> 3) Logging out is also clunky; the user has to logout from gnome, then ctrl+c a few times in the xterm, and finally command+Q to close out of Xnest.
>
> Wish I could get your one-liner to work with passwords :)
>
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> X11-users mailing list (email@hidden)
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden