Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: X11 Forwarding

from [Foster, Dale] Network Security [Permanent Link]
Subject: RE: X11 Forwarding
Date: Wed, 20 Apr 2005 01:58:03 -0400 
Marshall,
         As long as there are enough ports open between the two hosts
setting DISPLAY manually will work.  In more secure environments where
perhaps the only port open is SSH, this method of setting DISPLAY, will
fail.

        As long as X11 forwarding is enabled on both client and server,
DISPLAY should be properly set when you connect, allowing you to run
Xapps(that honour DISPLAY), through the encrypted ssh tunnel.

Dale Foster

-----Original Message-----
From: McDougall, Marshall (FSH) [mailto:MarMcDouga@gov.mb.ca] 
Sent: April 19, 2005 10:55 AM
To: Christ, Bryan
Cc: secureshell@securityfocus.com
Subject: RE: X11 Forwarding


Purely speaking, X and ssh are completely separate items.  Ssh will work
without X and vice versa. Ssh will also work just fine without $DISPLAY
set.

On my HP-UX and RH systems, I always needed to set my $DISPLAY.  You
should be looking at your Xserver more than your ssh setup.

Regards, Marshall

-----Original Message-----
From: Christ, Bryan [mailto:bryan.christ@hp.com] 
Sent: Tuesday, April 19, 2005 11:39 AM
To: McDougall, Marshall (FSH)
Cc: secureshell@securityfocus.com
Subject: RE: X11 Forwarding


Thanks for the reply Marshall.

As far as I can tell, at least according to what I have read, there
shouldn't be any need to set DISPLAY manually.  It seems it should be
set automatically based on the setting/value for X11DisplayOffset (I
think sshd does the dirty work upon login).  If this is not the case,
then I must have misunderstood.

-----Original Message-----
From: McDougall, Marshall (FSH) [mailto:MarMcDouga@gov.mb.ca] 
Sent: Tuesday, April 19, 2005 10:24 AM
To: Christ, Bryan
Subject: RE: X11 Forwarding

You need to set it.  Depending on your OS, you can readily script it to
automatically set it when you login.  For example, in my RH servers I
put the following in /etc/bashrc:

#setup DISPLAY
XX=`who am i | sed -ne 's/.*(//;s/).*$/:0/p'` test "x$XX" != x  &&
export DISPLAY="$XX"

Regards, Marshall

-----Original Message-----
From: Christ, Bryan [mailto:bryan.christ@hp.com]
Sent: Monday, April 18, 2005 9:46 AM
To: secureshell@securityfocus.com
Subject: X11 Forwarding


Does anyone know why my DISPLAY variable is not getting set?  I have
tried looking at the debug messages from

ssh -vv -X user@host

but I haven't seen anything suspicious. xauth is installed in the normal
location and seems to run correctly (although I'm really not familiar
with it).  In my sshd_config file, the relevant options are set as:

X11Forwarding yes
X11DisplayOffset 10
#X11UseLocalHost no
#UseLogin yes

I've spent quite a bit of time googling on this problem and haven't come
up with anything yet.  I suspect that it might have something to do with
installing XFree86 on Slackware 9.0 after initial OS installation (using
installpkg *.tgz on the relevant packages).  I'm really at a loss for
where to turn.

Server is OpenSSH 3.5p1, OpenSSL 0.9.7a
Client is OpenSSH 4.0p1, OpenSSL 0.9.7f 

Thanks in advance!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: X11 Forwarding, Jeff Rosowski
Next by Date:  Re: X11 Forwarding, Greg Wooledge
Previous by Thread:  RE: X11 Forwarding, Foster, Dale
Next by Thread:  SCP + iptables (firewall) - stalled transfers, Bell, David I.
Indexes:  [Date] [Thread] [Top] [All Lists]