dirty D Posted August 7, 2006 Share Posted August 7, 2006 i made two simple little programs to allow you to login to your machine with an encrypted X session. this is how it works: normally because of the way the XDMCP protocol works you cant tunnel the session through ssh this is because when you login to a remote X session your X server sends a UDP query packet to the X display manager on the remote machine and it sends some shit back to authenticate and stuff and after all that the X display manager on the remote machine connects by TCP to the addresss that sent the UDP query packet(you) to start the remote X session, you can see the problem with tunneling that as you cant make the X display manager connect to a tunnel on 127.0.0.1, thats why i had to make this program, a remote X session is just way much better than any VNC. so what i had to do was trick the XDM into thinking that the query was coming from the same machine so that it connects to a tunnel on 127.0.0.1 set up to forward the traffic to our machine. so what i did was have two programs one on our computer and the other on the remote XDM computer so when you want to connect to a remote session you do X :1 -query 127.0.0.1, this sends the UDP query packet to my program running on the local computer to my program running on the remote computer and then it forwards it from there to the XDM on that machine so the XDM thinks it came from the same machine, so the XDM sends the response packet right back to 127.0.0.1, and after all that UDP crap the XDM connects to our already set up ssh tunnel and badabing badaboom we got ourselves a encrypted X session. (mind my drunkenness" heres the basic stpes to take to get the encrypted session: 1. run "xcrpyt X.X.X.X as root where X.X.X.X is the ip of the remote machine(root because it needs to listen on port 177) 2. log onto the remote machine with ssh. 3. start xcryptd on the remote machine (root not needed) 4. set up a ssh tunnel forwarding traffic from 127.0.0.1:6001 to yourip:6001 like so "ssh -L 6001:yourip:6001 yourusername@yourip"(from the remote machine in the ssh session) 5. on your machine run "X :1 -query 127.0.0.1" yea its a little more than just connecting and tpying your password but its encrypted and thats all that freakin matters. source for the programs: http://www.freewebs.com/jakhole/xcrypt.tar.bz2 Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.