Jump to content

how to encrypt a remote X session

dirty D

Recommended Posts

i made two simple little programs to allow you to login to your machine with an encrypted X session.

this is how it works:

normally because of the way the XDMCP protocol works you cant tunnel the session through ssh this is because when you login to a remote X session your X server sends a UDP query packet to the X display manager on the remote machine and it sends some shit back to authenticate and stuff and after all that the X display manager on the remote machine connects by TCP to the addresss that sent the UDP query packet(you) to start the remote X session, you can see the problem with tunneling that as you cant make the X display manager connect to a tunnel on, thats why i had to make this program, a remote X session is just way much better than any VNC. so what i had to do was trick the XDM into thinking that the query was coming from the same machine so that it connects to a tunnel on set up to forward the traffic to our machine. so what i did was have two programs one on our computer and the other on the remote XDM computer so when you want to connect to a remote session you do X :1 -query, this sends the UDP query packet to my program running on the local computer to my program running on the remote computer and then it forwards it from there to the XDM on that machine so the XDM thinks it came from the same machine, so the XDM sends the response packet right back to, and after all that UDP crap the XDM connects to our already set up ssh tunnel and badabing badaboom we got ourselves a encrypted X session.

(mind my drunkenness"

heres the basic stpes to take to get the encrypted session:

1. run "xcrpyt X.X.X.X as root where X.X.X.X is the ip of the remote machine(root because it needs to listen on port 177)

2. log onto the remote machine with ssh.

3. start xcryptd on the remote machine (root not needed)

4. set up a ssh tunnel forwarding traffic from to yourip:6001 like so "ssh -L 6001:yourip:6001 yourusername@yourip"(from the remote machine in the ssh session)

5. on your machine run "X :1 -query"

yea its a little more than just connecting and tpying your password but its encrypted and thats all that freakin matters.

source for the programs: http://www.freewebs.com/jakhole/xcrypt.tar.bz2

Link to comment
Share on other sites

  • 1 year later...

This is awesome. The guys should do a segment on this.

Segment would be to short, also this probably does not interest the viewer base.

Without wishing to hijack this thread, I'm curious, who would that viewer base be?

Scratch that, to save hijacking this thread, see http://forums.hak5.org/index.php/topic,8789.0.html.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...