Tunnel Your X server traffic

Tunnel Your X server traffic


You can also tunnel your X server traffic to remote X clients using an
SSH connection. This is important because unencrypted X traffic
provides an attacker with a gold mine of information that he or she
can use to compromise your systems.


To configure a remote X client without encryption, you can use the
following procedure:



1) On the remote

    X client, enter xhost +X_server_hostname.

    This tells  the client to accept connections from the X server.


2) On the X server, enter

    DISPLAY=X_client_hostname:0.0 

    and then enter

    export DISPLAY

    This tells the X server to display its output on the remote X client.


3) From the X client, use the ssh client to access the shell prompt on
   the X server and then run the graphical application you want displayed
   on the X client. For example, you could enter gedit at the shell
   prompt to remotely display the gedit text editor. You could also enter
   office at the shell prompt to remotely display the OpenOffice.org suite.



This procedure works, but all the X traffic is transmitted unencrypted. This isn’t good.

Instead, you should use SSH to tunnel the X server traffic between the X server and the X client.

You can do this using one of the following options:


• Use the –X option with the ssh client program.

• Set the ForwardX11 option to a value of yes in the
  /etc/ssh/ssh_config file on the X client system.



Once this is done, you then need to set the X11Forwarding option to
yes in the /etc/ssh/ sshd_config file on the X server system.



LX0-104 Exam Objectives (H)