How to use SSH to forward X into local

There are various way to get something run remotely but give the control back to local..

err.. in other word.. get the display to local instead of remote… but process actually running on remote..

there are tools like.. VNC, Open NX , Exceed.. and many more..

but the simplest one turn out to be .. with SSH tunneling :

ssh -X user@host.namran.net

or ..

ssh -Y user@host.namran.net

from there.. just run the command..

“xclock”

“firefox”

and whatsoever.. ๐Ÿ™‚

.. from the SSH manual ..

” -X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
userโ€™s X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.

For this reason, X11 forwarding is subjected to X11 SECURITY
extension restrictions by default. Please refer to the ssh -Y
option and the ForwardX11Trusted directive in ssh_config(5) for
more information.

-x Disables X11 forwarding.

-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
subjected to the X11 SECURITY extension controls.

p/s : .. being local does NOT mean that we can’t be anywhere else.. ๐Ÿ™‚

Related Post

6 Responses

  1. dotsha says:

    The problem is:

    1) Most aunty and uncle types will never know how to log into their router and disable it. Not entirely a big problem as they are okay with the default settings, BUT …

    2) … At that time, TM set a standard “admin123” (not exact word) password, i.e. standard easy-to-guess password on all router.

    So the big hoo haa is not that TM can remote admin your router, the big hoo haa is that someone else can remote admin your router.

    For router, the impact is not so significant, worse case they can get into your personal data and copy out.

    But let’s say similar situation exists with the phone VOIP/SIP setup. So if someone “borrows” your account and makes IDD calls … and billed to you, you would not be quiet …

    Reply
  2. dotsha says:

    ALSO … it turned out later that whether the password is standard and simple, or unique and complicated makes no difference.

    There’s a bug in the firmware of that router that lets someone remotely download the settings without having to provide an administrator id and password! ๐Ÿ˜Ž

    Reply
  3. namran says:

    haha.. that’s make sense to either replace this DLink DIR-615 or change it to support use custom router instead.

    However , TM had disabled it from the menu by now.
    plain locked up ? was thinking is it worth to re-flash with original firmware or not just because some script inside /www/bsc_wan.php got commented out?

    Reply
  4. dotsha says:

    I think original dlink firmware doesn’t have the pppoe over vlan support. this I’ve custom done for tm.

    And so far if you flash it with dd-wrt, tv stops working.

    the other way is to set it to bridged mode + vlan tagging, and use back your old router. or is that the option tm disabled?

    Reply
  5. dotsha says:

    I think original dlink firmware doesn’t have the pppoe over vlan support. this is custom done for tm.

    And so far if you flash it with dd-wrt, tv stops working.

    the other way is to set it to bridged mode + vlan tagging, and use back your old router. or is that the option tm disabled?

    Reply
  6. WeeMeng says:

    Anyone can let me know what is the user and password to login to my Dlink .

    and would like to know anyone have try to set up wifi router ? ( i am thinking to use my 3Com router instead of this DLink )

    Thanks
    WM

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *