[FreeNX-kNX] nxshell...

Fabian Franz FabianFranz at gmx.de
Thu Jan 27 14:21:44 UTC 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Donnerstag, 27. Januar 2005 11:46 schrieb Marcus Schäfer:
> Hi,
>
> > > some time ago I introduced a rewritten version of nxtunnel.
> > > I'm sorry I didn't spend some thoughts on the name clash I create
> > > concering the currently public version of nxtunnel so hopefully
> > > nobody is feeling offended.
> >
> > No problem about that.
> >
> > It seems to be a very nice rewrite with very good and clear bash code.
>
> Thanks that's because it was not easy to read and understand
> the nxtunnel code :-)

Yes, I agree.

>
> > However I'm missing the improvements, we made in the last version of
> > nxtunnel
> >
> > - - namely the usage of ssh -X as a channel for communication
> >
> > It seems to still use the old way of guessing a socket, but this could
> > also just be old and obsoleted code, I just today took a very quick view
> > on it.
>
> Hmm, do you mean the local communication between the nxproxy and the
> ssh process ? This is done in the same way using X11 port forwarding.

Ah, I might have looked to short on the code than for now.

However the main idea of the nxtunnel with ssh -X support was to completely 
get rid of the ssh-Portforwarding as its not allowed everywhere _and_ you can 
clatch ports.

Btw. How do you prevent a malicious user from getting the cookie on the 
forwared port, before your script. There might be still a race condition.

> The major difference is the synchronizing part. I'm using netcat and
> a small C written program to open the display for checking the
> availability to XOpenDisplay(). Another major difference are the
> usage of ports. All ports are forwared via ssh this solves many
> problems within masqueraded networks.

In my opinion port forwarding should not be used, but just the ssh -X tunnel, 
as its mostly allowed.

>
> Well you can find the current version on ftp, would be great if
> somebody can test it. Unfortunately I build the package for SuSE
> only so I'm quite sure there may be problems on other systems.
> I'm open for any enhancement ;)

I'll test it as soon as I can.

cu

Fabian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB+Pj8I0lSH7CXz7MRAgVCAJ9bQh1SlnFARsFLfTyd9yoWyn8osgCeM5yg
6frQTMRqW6txZX5NBTdCUsg=
=74RE
-----END PGP SIGNATURE-----

More information about the FreeNX-kNX mailing list