Going one step further, SSH provides an enhanced
version of the tunneling facility specifically for X traffic.
To connect to a remote host using SSH, simply specify a username (chris in this
example) and host (red) in this format:
blue$ ssh chris@red
You may be prompted for your password on the remote host; you will then receive a
shell prompt on that system.
X tunneling (called X11 forwarding in the SSH documentation) may be enabled or
disabled by default, depending on the system configuration; to force it on, use the -X
(uppercase) option:
blue$ ssh -X chris@red
You can use the -x (lowercase) option to force X11 forwarding off:
blue$ ssh -x chris@red
When an X11 forwarding connection is established, SSH generates a new magic
cookie using the SECURITY extension (Sections 13.10 and 13.15), caches that on the
originating machine, sets up the tunnel to the remote system, places a dummy magic
cookie value in the remote ~/.Xauthority file, and sets the DISPLAY variable to point to
the remote end of the tunnel. It then monitors traffic coming through the tunnel and
changes any occurrence of the dummy cookie to the actual cookie.
This ensures that:
• The cookie value is never passed unencrypted over the network.
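
The cookie substitution described above can be sketched as follows. This is an added example, not code from SSH or from this book. It assumes the cookie travels in the X11 connection setup request as MIT-MAGIC-COOKIE-1 authorization data and checks only that first packet; the function names and sample cookies are constructed for illustration.

```python
import hmac
import secrets
import struct

AUTH_NAME = b"MIT-MAGIC-COOKIE-1"

def pad4(n):
    """Round n up to a multiple of 4, as fields in the setup request are padded."""
    return (n + 3) & ~3

def build_setup(cookie, order=b"l"):
    """Build a sample X11 setup request carrying `cookie` (constructed input)."""
    fmt = "<" if order == b"l" else ">"
    # byte order, unused, major 11, minor 0, name length, data length, unused
    head = order + b"\0" + struct.pack(fmt + "HHHHH", 11, 0, len(AUTH_NAME), len(cookie), 0)
    name = AUTH_NAME.ljust(pad4(len(AUTH_NAME)), b"\0")
    return head + name + cookie.ljust(pad4(len(cookie)), b"\0")

def swap_cookie(packet, dummy, real):
    """Replace the dummy cookie in a setup request with the real one.

    Raises ValueError when the client did not present the dummy cookie, so a
    connection that never read the remote ~/.Xauthority is refused.
    """
    if len(packet) < 12 or packet[:1] not in (b"l", b"B"):
        raise ValueError("not an X11 setup request")
    fmt = "<" if packet[:1] == b"l" else ">"
    _, _, name_len, data_len, _ = struct.unpack(fmt + "HHHHH", packet[2:12])
    data_off = 12 + pad4(name_len)
    if len(packet) < data_off + pad4(data_len):
        raise ValueError("truncated setup request")
    name = packet[12:12 + name_len]
    data = packet[data_off:data_off + data_len]
    # Constant-time comparison so the check does not leak how many bytes matched.
    if name != AUTH_NAME or len(real) != data_len or not hmac.compare_digest(data, dummy):
        raise ValueError("authentication mismatch")
    return packet[:data_off] + real + packet[data_off + data_len:]

if __name__ == "__main__":
    dummy = secrets.token_bytes(16)  # constructed: value placed in remote ~/.Xauthority
    real = secrets.token_bytes(16)   # constructed: value cached on the originating machine
    out = swap_cookie(build_setup(dummy), dummy, real)
    print("real cookie forwarded to local X server:", out[-16:] == real)
```

Only the dummy value ever exists on the remote host; the real cookie is inserted on the originating machine after the packet has left the encrypted tunnel.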