Subject:   Do not use XWindows across network WITHOUT ssh
Date:   2003-04-07 20:21:36
From:   csoto
XWindows sends every key click and mouse action across the network, in the clear. This is bad. No big deal if it's localhost, but skip all of the xhost & DISPLAY stuff.

Here's a quick HOW-TO (assuming you're using OpenSSH or a similar build, like that on Solaris or HP-UX):

-Modify /etc/ssh/sshd_config on the REMOTE HOST so that it says "X11Forwarding yes" (remove the # at the front) [you probably have to be root, so use su or sudo]
-Restart the REMOTE HOST [yes, there are other ways, but I have no way of knowing whether your sshd is started by rc scripts or inetd, so this method always works :) ]
-Modify /etc/ssh/ssh_config (note the missing 'd') on the LOCAL HOST (the Mac on which you're running X11) so that it says "ForwardX11 yes" (remove the # at the front) [you can skip this, but it means you will have to remember to use the -X option any time you run ssh ]

Now, when you connect to the remote host, use this command:

ssh -X user@remotehost

You can skip the -X if you modified your Mac's /etc/ssh/ssh_config as above.

Note that not all X clients will work in tunneled SSH sessions. See under "X Forwarding" for some possible reasons and solutions.

Interestingly, X11 for Mac OS X seems to be more compatible with my Sun, SGI, Linux and HP-UX hosts than they are with each other. HP-UX clients particularly barf when I access them on the Sun. It's so nice having a wireless Unix laptop :)


