Re: xhost

From: Patrick Morris (pmorris@wilshire.com)
Date: 05/29/02


Date: Wed, 29 May 2002 10:20:58 -0700
From: Patrick Morris <pmorris@wilshire.com>
To: "Small, Jim" <jim.small@eds.com>

A relatively simple solution to this might be to go ahead and disable
xhost, then have admins use SSH to forward their X sessions.

On Wed, 29 May 2002, Small, Jim wrote:

> Unfortunately in this situation, someone can simply do an xhost +. A script
> is not viable, because since this is a server and only admins will be using
> it, they would easily be able to get around any script. That's why I'm
> inclined to think the only sure way is to delete the xhost command.
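A check for the two conditions discussed in this thread, whether the X server has been opened with xhost + and whether sshd is set up to forward X11, written as an added example that is not part of either message. The function names and sample inputs are constructed for illustration; the status lines matched are the ones the standard xhost client prints.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# classify_xhost: read `xhost` output on stdin and print
#   open      - access control disabled, i.e. someone ran `xhost +`
#   host-list - access control on, but xhost entries are present
#   locked    - access control on, no entries (xauth cookies only)
#   unknown   - no status line found
classify_xhost() {
    awk '
        /^access control disabled/ { wide = 1; next }
        /^access control enabled/  { seen = 1; next }
        NF > 0                     { entries++ }
        END {
            if (wide)         print "open"
            else if (!seen)   print "unknown"
            else if (entries) print "host-list"
            else              print "locked"
        }'
}

# sshd_x11_forwarding: read sshd_config text on stdin and print the global
# X11Forwarding value. sshd uses the first occurrence of a keyword and
# defaults to "no"; Match blocks are not evaluated here.
sshd_x11_forwarding() {
    awk '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == "x11forwarding" && val == "" { val = tolower($2) }
        END { if (val == "") print "no"; else print val }'
}

# Constructed sample inputs; on a live host pipe in `xhost` and the real config.
sample_xhost='access control disabled, clients can connect from any host
INET:adminbox.example.com'
sample_sshd='# constructed sshd_config fragment
Port 22
X11Forwarding yes'

echo "X server:        $(printf '%s\n' "$sample_xhost" | classify_xhost)"
echo "sshd forwarding: $(printf '%s\n' "$sample_sshd" | sshd_x11_forwarding)"
```

A result of "locked" together with "yes" is the state the reply above aims for: no xhost entries, with X sessions carried over SSH.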


