[mythtv-users] Running mythsetup from a Windows PC running Cygwin
Raphael Pooser
rpooser at gmail.com
Sun Feb 12 20:05:52 UTC 2006
Michael T. Dean wrote:
> On 02/10/2006 05:00 PM, Raphael Pooser wrote:
>
>> Michael T. Dean wrote:
>>
>>
>>> Raphael Pooser wrote:
>>>
>>>> cygwin is all you need. just export display before ssh and it's even
>>>> easier, you can export DISPLAY=localhost:0, then
>>>> when you "ssh -X" it'll use your local display environment variable on
>>>> the remote machine.
>>>>
>>> Unless you're using an extremely old (and insecure) version of OpenSSH,
>>> it should be "ssh -Y". The "-X" option enables X11 forwardig, but the
>>> "-Y" option enables "trusted" X11 forwarding. Myth requires a "trusted"
>>> connection or you'll get all sorts of "BadMatch" errors.
>>>
>>>
>> With the most up to date and secure open ssh and with -X, mythfrontend
>> seems to respond fine for me.
>>
> And those BadAtom/BadWindow/BadMatch errors you got in the terminal
> don't mean that mythfrontend is trying to use X resources to which the
> OpenSSH X11 proxy server is refusing access. After all, it would be
> crazy to print those errors if they were actually errors. So, you're
> probably right, OpenSSH is printing those messages even though nothing
> is wrong...
>
lol; I know, it's horrible to do what you want on a computer especially
when it works despite these errors. Yes I have seen these get printed
in the console from time to time but it does nothing to affect the
stability of the remote machine. This is called least privilege. If
the program doesn't need these privileges to function, then deny it
access to them. If the program fails under these conditions, then grant
it the privileges. By the way, we aren't talking about using any
features of mythfrontend here, we're talking about mythtv-setup. A much
simpler thing. Try and watch TV through an SSH tunnel using
mythfrontend and -X and yes, you are going to have problems. Namely a
crash. But I never said mythfrontend works fine did I, since the
subject of the thread is mythtv-setup.
>> I even tested out running mythtv-setup.
>> Trusted would be needed if you were connecting to a remote server say,
>> but even then, everything sent through the tunnel is encrypted.
>>
> Trusted X11 forwarding has nothing to do with encryption--it's purpose
> is to force you to explicitly give certain X11 server permissions to the
> X11 client that exists on the other machine. Untrusted X11 forwarding
> ("-X") allows you to protect the X11 server from the X11 client (which,
> ultimately protects you).
>
exactly. My original email which you quoted didn't state the difference
clearly but the second email I sent states this. So your response here
isn't needed. However, Your original mail sounds like a doomsday warning
against using -X, which the quote above from me is meant to respond to.
>> There
>> is no danger to using -X, which us unrelated to the danger of using an
>> insecure version of openSSH.
>>
> The point I was making is that on new versions of OpenSSH, you need to
> use "-Y" for trusted X11 forwarding. Old versions used "-X", as there
> was no distinction between "trusted" and "untrusted" X11 forwarding--all
> X11 forwarding was trusted. And, *all* of the old versions of OpenSSH
> that don't distinguish between trusted and untrusted forwarding are
> insecure.
>
The point you're making is to imply that someone who thinks it's ok to
use -X must be using an insecure version of SSH - misleading to say the
least and insulting otherwise.
The bottom line is, you can run mythtv-setup using -X, I can at least
with no problems, and in fact -X is more secure over a remote connection
as you and I so aptly stated.
>> give me a break.
>>
> Break me off a piece of that Kit Kat bar.
>
see responses just above for reason the phrase "give me a break" was used.
Raphael
More information about the mythtv-users
mailing list