On 9/16/07, <b class="gmail_sendername">Peter Watkins</b> <<a href="mailto:peterw@tux.org">peterw@tux.org</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Sun, Sep 16, 2007 at 08:47:24PM -0700, Doug Young wrote:<br>> OK...in a terminal window on the backend:<br>><br>> [user@backend]$ xhost+<br>> [user@backend]$ ssh frontend<br>> [user@frontend]$ export DISPLAY=backend:0
<br>> [user@frontend]$ nvidia-settings --ctrl-display=:0<br>><br>> That should do the trick...does for me.<br><br>You mean "xhost +". "xhost +frontend" would be better, but that's a<br>horribly insecure technique and should only be used if you trust every
<br>other device on your network *and* you've given up on making SSH's X<br>tunneling work properly. And even then, you should run "xhost -" on<br>backend to close the hole once you're done.<br><br>(Hopefully this wouldn't even work; hopefully backend would be
<br>running a packet filter "firewall" that would block incoming<br>connection attempts to TCP/6000 *and* would run X11 on Unix sockets<br>instead of TCP sockets. Doug, are you really running a distro whose<br>X server listens for TCP connections?)
<br><br>-Peter<br></blockquote></div><br>Yes, and no...<br><br>All my machines sit behind a firewall that I trust (except the firewall itself)...so yes, I trust all 13 machines on my -intranet-. I honestly see very little reason to encrypt traffic between my television machines. My personal data is plenty protected...the worst someone is going to do is break into my database and make me miss a couple episodes of Bones...I think I might live through that.
<br><br>Honestly, in the 4 years since I set it up, my intranet has been intrusion free (my firewall has been probed, prodded, and poked a few times, but that's about it) and virus free. That's 10 windows boxen and 3 Linux (plus the firewall, but I count that different because for all it's a box, it's more an appliance than a machine that gets used). I don't run much internal security, because I want to see what my kids are doing, I want to be able to look over their shoulders via VNC, etc. If I want to come -in- from the outside, I use SSH tunnels to get through the firewall, but internally, we're trusted.
<br><br>Make sense?<br>-- <br>Doug<br><br>