The unix command
ssh is a replacement for
that provides better security and other nice features.
It compresses X windows traffic for X clients started in an
ssh session and also takes care of setting the
environment variable and handling X authentication. Thus running X windows
clients from one machine to another becomes much easier.
All users should stop using
rlogin (or the related command
remsh) and start using
ssh. You first have to make an ssh key by running
ssh-keygen. This program will ask for a "passphrase",
which unlike a regular unix password can be a lot longer than 8 characters.
You use this ssh passphrase instead of your regular unix password
when doing remote logins with ssh. You still use your regular unix password
to log in to a workstation at the console.
After you have successfully created an ssh key, it will be in the file
    ~/.ssh/identity.pub
You also want to copy it to the file "authorized_keys" in the same directory
    cp ~/.ssh/identity.pub ~/.ssh/authorized_keys
This will allow you to log into any of our HP workstations from any other of our HP workstations using
ssh without typing your ssh passphrase.
Now to do a remote login just say, for example,
    ssh minnehaha
The first time you do this,
    Host key not found from the list of known hosts.
    Are you sure you want to continue connecting (yes/no)?
Type "yes" (not just "y") and you will be logged in. This message will not appear in subsequent logins to the same machine. It will appear once for each different machine.
To run an X windows program across the network, just invoke the program
on the remote host. It just works without setting the DISPLAY environment
variable on the remote host or invoking
xhost on the local host.
All users should also stop using the
rcp (remote copy) command.
There is a replacement in the ssh family called
scp. It works like
rcp but with ssh authentication. If you can do
a remote login without typing your passphrase with
you can also do a remote copy with
All users should also stop using the
We are now running so-called "xauth" authentication, which allows only the user logged in at the console to make X client programs that talk to the X server controlling the screen. The former system, so-called "xhost" authentication, allows any user logged into the machine to make such connections and see anything you do on the computer.
You can tell if the computer is using only xauth authentication by issuing
xhost with no arguments. It should say
    access control enabled, only authorized clients can connect
If instead it says
    access control enabled, only authorized clients can connect
    localhost
    minnehaha.stat.umn.edu
or says anything else after the first line, you are wide open to anyone who wants to spy on you. Either you have done an
xhost command with arguments or some "helpful" program has done it for you. Issuing the commands
    xhost -localhost
    xhost -minnehaha.stat.umn.edu
(appropriately changed to match the output of
xhost) will shut that door.
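The check described above can be scripted. The following is an added example, not part of the original page: it reads xhost output on stdin and prints the xhost command that removes each listed entry. The function names and sample outputs are constructed for illustration, and the handling of an "access control disabled" first line (answered with "xhost -") goes beyond the case the page shows.

```shell
#!/bin/sh
# Added example (not from the original page): audit xhost output.
# Sample outputs below are constructed to match the text above.
SAMPLE_CLEAN='access control enabled, only authorized clients can connect'
SAMPLE_OPEN='access control enabled, only authorized clients can connect
localhost
minnehaha.stat.umn.edu'

# xhost_fixups (hypothetical name): read xhost output on stdin and print
# one "xhost -ENTRY" command for every entry listed after the first line.
xhost_fixups() {
    first=1
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$first" -eq 1 ]; then
            first=0
            # "xhost +" turns access control off entirely; "xhost -" undoes it.
            case $line in
                "access control disabled"*) echo "xhost -" ;;
            esac
            continue
        fi
        # Trim whitespace and skip blank lines.
        entry=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        echo "xhost -$entry"
    done
}

# xhost_is_locked_down (hypothetical name): succeed only when the output
# on stdin shows xauth-only access, i.e. nothing needs removing.
xhost_is_locked_down() {
    [ -z "$(xhost_fixups)" ]
}

# Demonstration on the constructed sample; on a real display use:
#   xhost | xhost_fixups
printf '%s\n' "$SAMPLE_OPEN" | xhost_fixups
```

Review the printed commands before running them; an empty result means only xauth-authorized clients can connect.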
If after doing that you can no longer create X windows, log out, restart the X server using the "Restart Server" choice on the "Options" menu. Occasionally, after doing this, the first login you try fails. Try several times before complaining to the system administrators. When you have logged in, X should work properly.
If you use
ssh, then you don't need to know anything about
xauth. It just works.
If you must use
rlogin, because you are going to a
remote host that doesn't have
ssh installed, then
you need a trick, which this section explains.
To do a remote login, say to a machine
to which you can login using
rlogin without a password
(because of an
.rhosts file on the remote machine), you
use the following sequence of commands
    minnehaha% xauth.propagate blurfle.foo.bar.edu
    minnehaha% rlogin blurfle.foo.bar.edu
    blurfle% setenv DISPLAY minnehaha.stat.umn.edu:0.0
    blurfle% xterm &
creates an X client running on the remote machine displaying on the local machine.
Of course this is only an example. In practice you will have to
blurfle.foo.bar.edu in the example, to the actual remote host.
minnehaha.stat.umn.edu in the example, to the actual local host.
DISPLAY environment variable if you are not using
tcsh as your shell on the remote host.
xterm in the example, to the actual program you want to run.
rlogin command appropriately. For example, if your username on the remote host is
wumpus and is different from your username on the local host, the first two lines of the example become
    minnehaha% xauth.propagate blurfle.foo.bar.edu -l wumpus
    minnehaha% rlogin blurfle.foo.bar.edu -l wumpus
rlogin at all, must use
telnet, for example, to get to the remote host, then you cannot use
xauth.propagate. You will have to read this shell script, see how it works, and accomplish the same thing using
If worst comes to worst, you can always use "xhost" authentication, but don't complain if you then have a security problem.