Hi,

On 2021-06-29 2:43 p.m., Greg Wooledge wrote:

> DO NOT USE xhost + WITH ssh -X OR ssh -Y
> 
> That was the fucking point.
WoW...
Take it *easy* there...
> Now, if you want to advocate that people should use xhost + because
I never talked about xhost myself.
And the only thing I said was that by learning how things work from the
inside out, you'll be able to fully understand problems that may arise
when ssh -X does not do what you want automatically.

> that's how you learned things back in the early 1990s, that's your right,
> but I hope you will at least point out how INCREDIBLY INSECURE this is,

I never said in no situation something like "use xhost +".
The same way as I never said to unblock all the ports on your router or
to let everyone have access to *sudo* on a server.

> 
> Even then, you wouldn't combine it with ssh -X.  xhost + and manually
> overriding DISPLAY bypasses the ssh encryption layer entirely.  It also
> involves starting the X server with a non-default option, so it's quite
> a lot more work than using ssh -X.  Which is good.  We wouldn't want the
> horribly broken way to be the easy way.
> 

I never said anything related to using DISPLAY and / or xhost with ssh.

Maybe if you read what it is said in the complete context, then you may
start to get a beginning of a understanding.

You are *messing up* two things.

The first :
I suggested to read some book, someone else gave some good references
for books name as I only suggested "X11 books from O'Reilly".

The second :
I suggested to learn on how does X11 networking infrastructure work. And
this is  how does a client know where to display using the DISPLAY
variable and how does X11 authenticate client.
*As you can see, there's no indication of using xhost*

The third :
This thread suggested to use ssh -X for using a X client and X server on
different machine. As a easier way around.

The fourth :
I suggested to still learn the inner working of X authentication so that
if a problem arise with ssh -X then you'll be able to do some diagnostic
yourself.

The fifth :
You show up and....(whatever)

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to