Re: Linux newbie question: problems using XDMCP to remotely start KDE session from a Windows PC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John Summerfied wrote:
Nigel Wade wrote:

Sundarapandian A wrote:

There is one more easy way of doing this. Just follow the steps below

1) Make sure you have XFree86 with cygwin is installed on your XP, ssh
is available on XP machine <you can use telnet also>, X server is
running on linux/unix host, sshd is running on linux/unix host.
2) Make sure your <cygwin dir>/usr/X11R6/bin is specified in PATH then
start X Windows using the command "XWin.exe -fullscreen -clipboard
-unixkill -nowinkill"
3) Now you will get XWindows sceen without any applications or window
(You can use ALT+TAB to switch between windows and XWindows)
4) Start xterm on your XP machine (terminal will appear on xwindow screen) 5) On the command prompt of xterm say "xhost <linux/unix server name or IP>"
6) Now on xterm type the command "ssh <username@linux/unix
servername>" enter password to complete the login
7) On the xterm now type "export DISPLAY=<windows XP hostname/IP>:0.0
8) Now on xterm execute "startkde &"
9) Boooom!! now you'll see KDE on your XP machine!!!!



Boooom!! - anyone else who can login to your Linux box can see everything you do, and type. Only do this if security isn't an issue for you.

How is this Nigel?
Can you suggest a better way, and explain why it's better?





The reason is that "xhost host" permits any X client from host "host" to connect to your X server, irrespective of who is executing that client. That X client is permitted to to anything - post modal windows to block the display, receive keyboard events etc.

The way to allow certain clients to connect, whilst refusing others, is to use xauth and the standard MIT_MAGIC_COOKIE. Clients which are unable to supply the correct cookie for the server will be refused connection. This is only as secure as the filesystem security on any system which holds the xauth files for clients which are allowed to connect.

ssh X11 forwarding is no more secure in this respect than xauth - it uses xauth on the client. It simply provides a secure tunnel over the network between the client and the server. Any user who has access to the xauth file containing the cookie can use that tunnel.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@xxxxxxxxxxxx
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux