[TriLUG] question 2: ssh tunneling with putty
Jeremy P
jeremyp at pobox.com
Wed Feb 20 10:16:17 EST 2002
On Wed, 20 Feb 2002 gregbrown at mindspring.com wrote:
> What about if I redirect my display after ssh'ing in then start
> another xterm? Is the encryption inherited to that new shell which
> started when I executed the xterm & command?
Never "redirect" your display by setting the DISPLAY= environment
variable. That will cause an unecrypted X connection, and require you to
fool around with xhost, etc. Instead, enable SSH's X display forwarding
mechanism. SSH will then set the DISPLAY variable for you, to something
like servername:10, where server is the remote host (the remote end of the
tunnel). This makes sure that all X traffic is encrypted.
Yes, if you start an xterm from the Putty session, that xterm's traffic
will be encrypted, and any other X applications you start. This is
because all of the apps will be using the special DISPLAY setup by ssh,
which always sends the data through the encrypted tunnel.
The key to this: NEVER mess with the DISLPAY variable! If ssh isn't
setting it properly, examine your ssh configuration on both the client and
server to make sure X11 forwarding is enabled.
--Jeremy
More information about the TriLUG
mailing list