Re: F-Secure SSH, secure X, etc


From: Roy Smith (roy@aoraki.ece.ucsb.edu)
Date: Fri Nov 05 1999 - 12:11:38 MST


Hi Jason,

I use this feature fairly often. The way I use it is as
follows:

On the Mac:
        
        - start an X server (I use eXodus)
        - start a telnet program, presumably supporting SSH
          Your options here are F-Secure SSH or maybe NiftyTelnet-SSH.
          Make sure the default is set to one of the encryption
          schemes (some can also do regular unencrypted telnet sessions).

        - log into your remote machine, which I presume is
          running Unix.

What you do on the remote depends on whether or not tunneling
is supported.

If tunneling is supported (F-Secure case I believe) you
need do nothing more. The DISPLAY environment variable
is probably set to something like: Unix_hostname:10.0
which will forward any X display commands through ssh
to the Mac. The Mac X server (eXodus) will then pop up
the appropriate window on the Mac. All X window transmissions
are then encrypted.

If tunneling is not supported (or you are logging in from
a simple telnet program without ssh), then you can still
set up the Unix DISPLAY environment variable to produce
the appropriate windows on the Mac. To do this you need
to know the IP address your Mac is using for the telnet
connection. If you are connecting via ppp and an ISP then
this changes with each connection - however almost all
telnet programs give you some form of help function for
finding it out. Alternatively you could try looking in
your Unix environment for the REMOTE variable. If you use
ADSL or ISDN your IP address is probably fixed.

On Unix set the DISPLAY environment variable by executing:
setenv DISPLAY xxx.xxx.xxx.xxx:0.0 where the xxx... is
the IP address. The exact command depends on the Unix shell
you are running. The above is good for tcsh.

Now any commands that generate new windows (e.g. xemacs &)
forward them to the Mac X server and the appropriate
window is popped up on the Mac. However, the transmissions
through these windows are not encrypted - even if your
initial connection was via a telnet/ssh program. Be aware
that if you connect to a third machine with the Unix command
"slogin &" the password will go unencrypted between the Mac
and the first Unix machine. It is encrypted for the transmission
from the first to second Unix machines, but it's a bit late
then.

However, if you are using the additional windows for non-secure
things - graphics, etc. - then having telnet/ssh for
the login exchange and unencrypted windows for the rest
is reasonable.

Bottom line: you will need to buy both a telnet/SSH program
and a Mac X server.

Caveat: Using remote windows over a modem connection is
very tedious. Even at 56K it can be painful; particularly
for graphics windows. I use ADSL and generally get
much higher speeds which makes this sort of thing
reasonable at non-peak internet times.

Hope this helps.

Cheers,

        Roy
   

"Jason P. Stanford" writes ...

> I'm not sure I fully follow how a "secure X" session is handled from a Mac
> client. From a previous reply to an earlier message I had, someone had
> suggested using F-Secure SSH (+tunneling?) to create secure X sessions
> to my server, so that I would not have to share a monitor, keyboard and
> mouse. I am curious about this setup. I assume I would need to purchase
> *both* the ssh package, *and* an X server for the mac. Is this right? Do
> they work together? Or is it just that if I export the display, after
> logging in via ssh, the Mac X server will handle the GUI part of it? I
> want to be clear on how this is working. Thanks.
>
> jason
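
Added example, not part of the original message: a POSIX shell check that tells apart the two DISPLAY cases described in the reply above, the SSH-forwarded proxy display (such as Unix_hostname:10.0) and a direct TCP display on the Mac's IP address, which crosses the network unencrypted. The function name classify_display, the sample address 192.0.2.25 and the threshold of 10 (OpenSSH's default X11DisplayOffset) are assumptions; other SSH servers may number proxy displays differently.

```shell
#!/bin/sh
# Classify an X11 DISPLAY value (added example; names are hypothetical).
# Assumption: an SSH proxy display lives on the login host itself with a
# display number >= 10 (OpenSSH's default X11DisplayOffset).

classify_display() {
    display=$1
    local_host=${2:-$(hostname 2>/dev/null)}   # host the shell runs on

    case $display in
        *:*) ;;
        *) echo "invalid"; return 1 ;;
    esac

    host=${display%:*}     # text before the last colon
    rest=${display##*:}    # "N" or "N.S" (display.screen)
    num=${rest%%.*}        # display number N

    case $num in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac

    case $host in
        ''|unix) echo "local-socket"; return 0 ;;   # Unix-domain socket, never on the wire
    esac

    if [ "$host" = "localhost" ] || [ "$host" = "127.0.0.1" ] ||
       [ "$host" = "$local_host" ]; then
        if [ "$num" -ge 10 ]; then
            echo "tunneled"          # X traffic rides inside the SSH session
        else
            echo "local-tcp"
        fi
        return 0
    fi

    # Any other host: plain X11 over TCP port 6000+N, readable in transit.
    echo "direct-unencrypted port=$((6000 + num))"
}

# Constructed sample values matching the two cases in the message.
for d in "Unix_hostname:10.0" "192.0.2.25:0.0"; do
    printf '%s -> %s\n' "$d" "$(classify_display "$d" Unix_hostname)"
done
```

Run on the remote Unix host, passing that host's own name as the second argument if `hostname` does not return the name used in DISPLAY.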


