Josh Rivel wrote...
> Ernest Cespedes wrote...
>
>> I just installed X-Win32 by Starnet.com as well as F-secure ssh2.0 from
>> Datafellows on a client PC. I was wondering how I can configure X-win32 to
>> run over SSH such that all xterm windows and applications are encrypted.
>> I spoke with the tech support from both vendors and didn't quite get an
>> answer. The remote server is Solaris 2.7 with SSH 2.12.
>>
>> Here's what I did so far:
>>
>> F-Secure SSH - enabled X11 Tunneling
>
> Should be all you need. Also, the remote server should have been compiled
> with x11 forwarding enabled (which it is by default).
Right so far,
> Fire up F-Secure on the pc, and connect to the SOlaris server. Type in
> "echo $DISPLAY" (Without the quotes) and it should say someting like this:
>
> hostname.of.pc.com:10.0
Um, it shouldn't give the hostname of the PC client. (If it did, the
display number would probably be :0.0. And that would mean that it would
try to connect directly to the X server, quite insecurely I might add.)
The name printed should be the name of the Solaris server itself. The
number of the display is going to be just anything bigger than 0 (:1.0,
:2.0, etc, depending on the current state of the machine).
> Make sure that in X-Win32 you enable xhost access for the IP address
> of the Solaris server you are logging into.
No Please! Next thing you know these guys are starting X clients
directly without ssh while believing they are secure. Helping them shoot
themselves in the foot isn't going to improve anybody's security.
The X-Win32 should be configured not to accept any connections from
anywhere else but localhost.
I don't know about this particular product, but at least with eXceed it
is possible to start the server up in passive mode - that is, so that it
doesn't try to connect to a host for a login screen. This is what you
want to do.
--
Atro Tossavainen, email available at URL
http colon 2*slash www dot iki dot fi slash atossava slash
