X forwarding vs Remote DISPLAY


 
08-22-2012

Hello,
I have a question about X forwarding. I was told that we can't use X forwarding anymore, due to a security checklist.
Example:
Code:
bitlord@server1# ssh -X server2

So we have to use the DISPLAY variable now. I thought this was less secure?
Example:
Code:
bitlord@server1# xhost + server2
server1 being added to access control list
bitlord@server1# echo $DISPLAY
:1.0
bitlord@server1#  ssh server2
bitlord@server2# export DISPLAY=server1:1.0
bitlord@server2# gedit # for example

What gives, is this more or less secure than X forwarding? Is there a better way?

Any info would be helpful
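
An added example, not part of the original post: a shell check that separates the two setups shown above by what they expose. `ssh -X` gives the remote session a proxy display tunnelled inside SSH, while `DISPLAY=server1:1.0` sends the X11 protocol unencrypted over TCP and depends on an `xhost` grant that covers every user on the named host. The function names and sample `xhost` lines are constructed for illustration, and treating a `localhost` display as SSH-forwarded is a heuristic.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample input).

# classify_display VALUE -> local | ssh-forwarded | remote-tcp
classify_display() {
    host=${1%:*}    # text before the last colon; empty for ":1.0"
    case "$host" in
        ""|unix)                 echo local ;;          # Unix-domain socket
        localhost|127.0.0.1|::1) echo ssh-forwarded ;;  # typical sshd proxy display (heuristic)
        *)                       echo remote-tcp ;;     # cleartext X11 on TCP port 6000+N
    esac
}

# audit_xhost: read `xhost` output on stdin, print one finding per risky entry.
audit_xhost() {
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*) echo "OPEN any host may connect" ;;
            "access control enabled"*)  ;;   # status line, nothing to report
            SI:localuser:*)             ;;   # grant to one named local user
            LOCAL:*)                    echo "LOCAL any local user may connect" ;;
            INET:*|INET6:*)             echo "HOST ${line#*:} (every user on that host)" ;;
            "")                         ;;
            *)                          echo "HOST $line (every user on that host)" ;;
        esac
    done
}

# Constructed sample: what `xhost` could print on server1 after a host grant.
sample_xhost() {
    printf '%s\n' \
        'access control enabled, only authorized clients can connect' \
        'INET:server2' \
        'SI:localuser:bitlord'
}

# Walk through the DISPLAY values from the post plus a typical ssh -X value.
for d in ':1.0' 'server1:1.0' 'localhost:10.0'; do
    printf '%-16s %s\n' "$d" "$(classify_display "$d")"
done
sample_xhost | audit_xhost
```

On a real system, pipe the live output in with `xhost | audit_xhost` and run `classify_display "$DISPLAY"` in the remote session.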
 