On Thu, 22 Feb 2001, David Brett wrote:

> Hi Mikkel
>
> If you could point me in the direction for how to add this level of
> complexity, I will give it a try.
>
> As a side note it is not that insecure the way we have it set-up.  The
> data probably could be viewed, but it is not of any importance
>
>
> david
>
David,
        There are a couple of ways to do this.  If you are running sshd
on the office machine, and you can connect to it from the internet, then
all you have to do is make sure X forwarding is turned on.  The normal
place to check is /etc/ssh/sshd_config.  Look for a line
"X11Forwarding yes", or at least the absence of "X11Forwarding on".

Now, on your home machine, you will need ssh.  You can have
"X11Forwarding yes" in /etc/ssh/ssh_config, or you can start ssh with
the -X option to turn it on for that connection.  Now, you just use ssh
from an xterm on your home machine to connect to your office, and run
whatever X based program you want.  It will show up on your home
display. Ssh takes care of setting the display variable on the far end,
and because you are running it from your X session, it already has
permission to connect to the X server on the local machine. If you want
to run a window manager on the office machine, that can be done too.
One way is to use Xnest to start a second X server in a window on your
desktop.  The second way is to start an X server that uses ssh to start
the window manager on the remote machine instead of starting your local
window manager.  You can modify the startx script to do this.

Ok, now to get a bit more specific.  If you are not running ssh now, you
will want to get the openssh package.  You will also need openssl to
install openssh.  Once you have it installed and configured on both
ends, you will need a way to get it through your firewall.  You do not
specify what you are using for firewalls, so I can not go into detail
about this.  If you are using a Linux firewall with IP chains, then you
can port forward the normal ssh connection to your office machine, ssh
to the firewall and create another ssh connection from the firewall to
your office machine, or pick another port that will be port forwarded to
port 22 on your office machine.  I have not set up port forwarding yet,
but it has been covered on the list often enough.

You will want to run ssh-keygen to generate key pairs, and copy
~/.ssh/identity.pub from your home machine to your
~/.ssh/authorized_keys at work.  You can have more than one key in
authorized_keys - each key is a separate line in the file.  Depending on
your security concerns, you may or may not want a password on your
private key.  If you do not have a password on it, and someone manages
to get a copy of it, they can use it to log into your machine at work
without having to know a password.  If you have a password on it, you
will have to enter the password whenever you use the key, (logging into
a remote machine, using scp to copy a file, etc.) or run ssh-agent and
ssh-add before you start the ssh session, and it will
let you use the key with only having to enter the password once.

Ssh will also let you run a command on a remote machine in the style of
rsh, but with security.  This is very handy for use in window manager
menus.  Something like "ssh -X <remote machine> /usr/X11R6/bin/xsysinfo.
This will start xsysinfo on the remote machine and it will show up on
your desktop.

This should get you started.  Let me know what you need specific
information on.  I use ssh to forward connections on my local network
all the time.  The main difference here is you are going over the
Internet, and through two firewalls.

Mikkel
 --

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.







_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
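
An added example, not part of the message above: a shell function that reports the X11Forwarding value sshd would take from the global section of an sshd_config-style file. The function name and the sample config are constructed for illustration; it assumes sshd's first-value-wins rule, the upstream OpenSSH default of "no", and does not follow Include directives.

```shell
#!/bin/sh
# Report the X11Forwarding value in the global section of an
# sshd_config-style file. sshd uses the first value it reads for a keyword,
# keywords are case-insensitive, and "keyword=value" is also accepted.
# Assumption: the upstream OpenSSH default ("no") applies when the keyword
# is absent. Settings inside Match blocks are conditional and are ignored.
effective_x11_forwarding() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)         # drop leading whitespace
            sub(/[ \t]*=[ \t]*/, " ", line)  # normalise keyword=value form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit         # global section ends here
            if (key == "x11forwarding") {
                v = tolower(f[2])
                gsub(/"/, "", v)             # value may be quoted
                found = 1
                exit                         # first value wins
            }
        }
        END {
            if (found && v == "yes") print "yes"; else print "no"
        }
    ' "$1"
}

# Constructed sample config (not taken from a real host): a commented-out
# "yes", a real "no", then a later "yes" that sshd would never use.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# X11Forwarding yes
Port 22
X11Forwarding no
X11Forwarding yes
EOF
echo "effective X11Forwarding: $(effective_x11_forwarding "$sample")"
rm -f "$sample"
```

On current OpenSSH releases, `sshd -T` prints the configuration the daemon actually resolves, including included files, and is the authoritative check on a live host.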
