Cybersecurity

Hey GUys,
Once again I run in to problem and I am here for ur help.
I have two sun(solaris) box on company LAN.
One Unix Box is behind the firewall and the other one is Outside the firewall. The thing i need to do is
remote display a graphic on Unix box outside the firewall to the Unixbox behind the firewall. I have no idea how i am gonna do this. How safely can I do this kind of configuration avoiding the risk of someone hacking in to the system behind the firewall.
I have tried to find out information on the web and this forum itself but somehow its not clear.
rsh or ssh might solve the problem of display part but what all settings i need to change to make this work.
Will really apprecitae ur expertise .
Tx

are you using a "hardware" (ie linksys router) firewall, or software firewall ?

Firewall is hardware and we are using Nokia, using Nortell routers.

SSH should be able to do what you are looking for, assuming you are using Xwindows as your graphical display environment on both ends.


Assuming the following:

systemA - the computer that has the application you want to run across the network

systemB - the computer you are "local" to, where you are connecting to systemA from.


Install the OpenSSH packages on both systemA and systemB (can be had from www.sunfreeware.com).

Make sure the /usr/local/etc/sshd_config file on systemA has the following line in it:

"
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
"

and be sure to restart sshd on systemA.

Make sure /usr/local/etc/ssh_config on systemB has the following:

"
Host *
ForwardX11 yes
"

Then ssh from systemB to systemA and run the following command:

echo $DISPLAY

You should see the following returned:

localhost:10.0

This means that a X11 session is forwarding through your ssh session, so you should be able to run an X11 application on systemA and have it display on your local systemB.

thanks protologic
The information i was looking for is security concerns with this kind of settings .. since my system behind the firewall is open to the system outside the firewall, how safely can i do the remote display of one window from one system to other.

Moreover I want to minimize the traffic over the network while doing this, since I am using an existing network over the system which is used for some other purpose. Is there a way to program this settings so that traffic is minimal.

when `ForwardingX11 yes ` is set all users are able to ssh with x term i.e they can use display or GUI..
Is there any way to restrict to few users alone..
i.e only some special users can use ssh -XCPY
and others cant use the above option...
where to edit for giving certain users more previleges??