Tugger the SLUGger!SLUG Mailing List Archives

[SLUG] Re: remote X and firewalls


\begin{chesty}
> The idea is to only let certain users through, not just certain ip addresses.

xauth cookies do this.

in an office/lab environment, the easiest thing to do is use NFS
/home's. then you just make sure DISPLAY is set correctly.

for other places, just setup a simple script that copies the cookie
across, then starts the app. exactly like rstart, except using ssh
rather than rsh/rstartd.


\begin{Ben Leslie}
> > redirecting over ssh - probably the most secure. the encryption slows
> > things down a bit.
> 
> Wouldn't the compression options available in ssh make up any slow down?

yes, if the network is your bottleneck. i was thinking of my office here
at work, where the sparc classics don't really have the cpu grunt to
keep the encrypted throughput anywhere near the 10Mb network speed.

over a modem, i would still expect lbxproxy to give ssh compression a
run for its money. best would be lbx over ssh compression, but thats
just getting silly.

-- 
 - Gus