X11 forwarding

[Luciano Rocha]

On Wed, Jul 23, 2008 at 05:12:13PM +0200, Christian Brandt wrote:
>  Instead of confusing everyone with x-server vs. dropbear-client I'll explain 
>  what I am actually aiming for:
> 
>  I run a rather embedded simpad with local X display and a dropbear client on 
>  which I want to diplay a remote application running on a full blown ubuntu 
>  server tunneled through ssh.
> 
>  Now if I had ssh instead of dropbear on the simpad I could run xterm by 
>  entering on the simpad: ssh -X server xterm - ssh gets a command line, sets 
>  up a tunnel and sets $DISPLAY on the ubuntu machine in a sane way. But 
>  dropbear doesn't...
> 
>  Dropbear seems to miss the "-X" option and offers nothing in exchange:
> 
>  brandtc at sword:/tmp/dropbear-0.51$ grep X11 options.h
>  /* Enable X11 Forwarding - server only */
>  #define ENABLE_X11FWD
>  /* The command to invoke for xauth when using X11 forwarding.
>  #define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
>  #ifndef ENABLE_X11FWD
>  #define DISABLE_X11FWD
>          defined(ENABLE_AGENTFWD) || defined(ENABLE_X11FWD)
> 
>  So could use X without tunneling like this:
>  simpad:~$ xhost +
>  simpad:~$ ssh -i ~/.ssh/id_rsa.db server
>  server:~$ export DISPLAY=simpad:0.0
>  server:~$ firefox &
> 
>  ugly and insecure...

Well, if you have tcp connections enabled, then just copy the auth
cookie, instead of leaving it open.

like this:
xauth list :0 | (read host type data;
   ssh server xauth add $(hostname):0 $type $data)

You could even forward tcp connections, and just allow locally from
localhost:
xauth list :0 | (read host type data;
   ssh server -R 6010:localhost:6000 xauth add localhost:10 $type $data \; xterm)

(exports and runs xterm)

-- 
lfr
0/0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20080723/48dd80d5/attachment.pgp