[mythtv-users] Enabling remote X display???

Doug Young goofdad at gmail.com
Mon Sep 17 04:29:51 UTC 2007

On 9/16/07, Peter Watkins <peterw at tux.org> wrote:
> On Sun, Sep 16, 2007 at 08:47:24PM -0700, Doug Young wrote:
> > OK...in a terminal window on the backend:
> >
> > [user at backend]$ xhost+
> > [user at backend]$ ssh frontend
> > [user at frontend]$ export DISPLAY=backend:0
> > [user at frontend]$ nvidia-settings --ctrl-display=:0
> >
> > That should do the trick...does for me.
> You mean "xhost +". "xhost +frontend" would be better, but that's a
> horribly insecure technique and should only be used if you trust every
> other device on your network *and* you've given up on making SSH's X
> tunneling work properly. And even then, you should run "xhost -" on
> backend to close the hole once you're done.
> (Hopefully this wouldn't even work; hopefully backend would be
> running a packet filter "firewall" that would block incoming
> connection attempts to TCP/6000 *and* would run X11 on Unix sockets
> instead of TCP sockets. Doug, are you really running a distro whose
> X server listens for TCP connections?)
> -Peter

Yes, and no...

All my machines sit behind a firewall that I trust (except the firewall
itself)...so yes, I trust all 13 machines on my -intranet-.  I honestly see
very little reason to encrypt traffic between my television machines.  My
personal data is plenty protected...the worst someone is going to do is
break into my database and make me miss a couple episodes of Bones...I think
I might live through that.

Honestly, in the 4 years since I set it up, my intranet has been intrusion
free (my firewall has been probed, prodded, and poked a few times, but
that's about it) and virus free.  That's 10 windows boxen and 3 Linux (plus
the firewall, but I count that different because for all it's a box, it's
more an appliance than a machine that gets used).  I don't run much internal
security, because I want to see what my kids are doing, I want to be able to
look over their shoulders via VNC, etc.  If I want to come -in- from the
outside, I use SSH tunnels to get through the firewall, but internally,
we're trusted.

Make sense?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mythtv.org/pipermail/mythtv-users/attachments/20070916/6cd418d2/attachment.htm 

More information about the mythtv-users mailing list