On Wed Jun  7 15:58:01 2000, Jorge Aldana said:

> Start Exceed then login to your favorite ssh compatible unix
> computer (from the Windows machine) then I have a .pcinitrc file which
> contains the following: see below (where the ### mark the beginning/end of
> the file but not included in the file) also the window manager depends on
> your choice, I use several as you can see by the commented out lines at
> the bottom of the file, currently set at fvwm. The file has permissions
> 755.
> 
> ###########################################
> #!/bin/csh -f
> #
> 
> setenv DISPLAY $1\:0.0

Of course, you realize that by pointing your DISPLAY back to the PC, you're
undermining SSH X-forwarding.  Which means your xterm sessions, for example,
are not encrypted.

You should instead allow sshd to set DISPLAY to unixhost:n.0 (where n > 0),
by telling the ssh client to do X forwarding.  Then all X clients (including
xterm) on 'unixhost' will go over the ssh tunnel.

Then, you should use Host Access Control on Exceed, making sure to have only
one entry in the xhost.txt file, namely '127.0.0.1', or 'localhost' (on some
Windows systems, only the former seems to work).  In other words, don't allow
any remote hosts direct access to your Exceed server.  Instead, you are letting
only the ssh client (which is acting as a proxy for the remote 'unixhost', via
the sshd <--> ssh tunnel), to connect to Exceed.

As long as you're going to be using X over ssh, you might as well make it
secure!

Mike

----------------------------------------------------------------------------
Mike Friedman                             [EMAIL PROTECTED]
Communication & Network Services          +1-510-642-1410
University of California at Berkeley      http://ack.Berkeley.EDU/~mikef
----------------------------------------------------------------------------
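
The two checks described in the message above, as an added example that is not part of the original post: whether a DISPLAY value is an sshd proxy display (n > 0 on the Unix host) and whether a copy of xhost.txt holds only the single loopback entry. The function names and hostnames are hypothetical, the xhost.txt layout (one host per line, '#' comments) is an assumption, and `localhost` is accepted as a DISPLAY host because current OpenSSH binds forwarded displays to loopback by default.

```shell
#!/bin/sh
# Added example; function names and hostnames are hypothetical.

# display_is_forwarded DISPLAY_VALUE UNIX_HOSTNAME
# Status 0: value names display n > 0 on the Unix host or on localhost, i.e. an
# sshd proxy display. Status 1: anything else (such as the PC's own :0).
display_is_forwarded() {
    disp=$1
    me=$2
    case $disp in
        *:*) ;;
        *) return 1 ;;                    # no display number at all
    esac
    host=${disp%:*}                       # text before the last colon
    rest=${disp##*:}                      # "n" or "n.screen"
    num=${rest%%.*}
    case $num in
        ''|*[!0-9]*) return 1 ;;          # display number must be numeric
    esac
    [ "$num" -gt 0 ] || return 1          # :0 is a real X server, not a tunnel
    case $host in
        localhost|127.0.0.1) return 0 ;;
    esac
    # Hosts are compared by short name, so unixhost matches unixhost.example.edu.
    [ -n "$host" ] && [ "${host%%.*}" = "${me%%.*}" ]
}

# xhost_loopback_only FILE
# Status 0 only when FILE (a copy of Exceed's xhost.txt) has exactly one entry
# and that entry is 127.0.0.1 or localhost. CRLF line endings are tolerated.
xhost_loopback_only() {
    entries=$(tr -d '\r' < "$1" |
        sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d')
    case $entries in
        127.0.0.1|localhost) return 0 ;;  # two or more entries never match
    esac
    return 1
}

# Constructed sample values; the first is what the quoted .pcinitrc produces.
for d in "pc.example.edu:0.0" "unixhost:10.0" "localhost:11.0"; do
    if display_is_forwarded "$d" unixhost; then
        echo "$d  forwarded through sshd"
    else
        echo "$d  direct connection, not encrypted"
    fi
done
```
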
