Lo, on Monday, January 6, nate did write: > Abdul Latip said: > > > IT WORKS! Thank you very much! May I know for what is > > "-nolisten tcp" in xserverrc? > > sure, glad to help. the nolisten tcp is to prevent the X server > from listening for connections on TCP ports.
... which is a good thing for security reasons. > nolisten tcp breaks setups that depend upon exporting the > display e.g. export DISPLAY=remote.server:0.0 Yes. > SSH bypasses this by tunneling the connection over the SSH connection > and(I think) connecting to the X server via sockets instead. Pretty much, although `sockets' is an overly broad term. In this case, I believe that the ssh client uses Unix-domain sockets to communicate with the X server on the local machine. Unix-domain sockets are like normal TCP/IP sockets, with a couple of exceptions: - Unlike TCP/IP sockets, their addresses are pathnames, so these sockets live in the filesystem. Try /bin/ls -l /tmp/.X11-unix to see an example. - Unix-domain sockets allow connections only to other processes on the same machine. This loss of flexibility gets you a speed benefit and a much simpler security situation: you don't have to worry about connections from arbitrary hosts on the internet. (For those who don't know what a socket is, read `connection' instead: it's roughly the same idea.) Richard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
