On Monday 27 November 2006 23:49, Mikkel L. Ellertson wrote: >Gene Heskett wrote: >> Ok, but today, I logged in as gene (init=5 or whatever the gui login >> is on kubuntu, and ran it from the local keyboard out there long >> enough to carve a blast shield out of brass plate to deflect the >> ignition blast away from the bottom of the scope mounted on a T-C >> Black Diamond 50 calibre black powder rifle. So what I'm saying is >> that there was no X server running on that box until I logged in, yet >> the forwarding worked well when I ssh -X gene$shop as root here. So >> you are correct in that I don't understand it at all well. > >It is the X server on the local machine that you are trying to >connect to when you use "ssh -x" to connect to a remote machine. The >X server is the program on the local machine that drives the >display, and accepts input from the keyboard and mouse. It is fussy >about who gets to connect to it. The default setup only lets the >user who is logged into the X secession connect to it. Ssh know how >to extend that permission to a remote machine, but only for the user >it connects to the remote machine as. When you change users on the >remote machine, you lose that permission. > >The reason for this is that with the right program, you can capture >every key stroke and mouse movement that the X server sees. In the >past, when X security was a lot more open, you would sometimes get >people logging into a machine remotely, and running that would >connect to the local X display. You could be peacefully working and >get all kinds of strange things popping up on your screen. Or >someone could take over your cursor, and start doing things on your >desktop. (The x2x program works well for this.) I got it I believe. Many thanks, Mikkel. >Mikkel >-- > > Do not meddle in the affairs of dragons, >for thou art crunchy and taste good with Ketchup! -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
