Security

[pierrevn]

Hi Gurus,

I just installed Knoppix 3.3 on my HDD. It works incredibly well, but I have a problem with the security level. I do use Knoppix to connect on other unix servers (Sun, HP, ...) and develop on those machines. The trouble is that a telnet works ok but I can't run any graphical interface because of DISPLAY not reachable. However, I have defined and exported the DISPLAY as found in 'ifconfig'. I have also enabled external display through 'xhost +'. Finally, I've found in /etc/hosts.allow and /etc/hosts.deny that the config was set up as 'PARANOID'. I've renamed both files (according to the man page, lack of file opens the connection). As long as I do not run a server but a workstation, security is not a major constraint for me. I'm missing a config file somewhere to enable DISPLAY to pass through but where. While testing, I realized that even assigning the IP address to the user knoppix (rather than the hos name) causes the same problem.

Could anyone help on this ?

TIA,

Pierre

[windos_no_thanks]

Umm, why would you want to use telnet in the first place ?
ssh is safer and it is handy also in places where you don't need security.

[pierrevn]

Umm, why would you want to use telnet in the first place ?
ssh is safer and it is handy also in places where you don't need security.

Good question I didn't ask myself, but I assume it would make no difference in the current situation: graphical apps can't open the display and do abort. You could test it youself:

1) 'ifconfig' to determine your IP address
2) export DISPLAY=IP address:0.0 (192.168.1.10:0.0 for example)
3) 'xclock' returns Error: Can't open display: ...

Any idea?

TIA,

Pierre

[Stephen]

Umm, why would you want to use telnet in the first place ?
ssh is safer and it is handy also in places where you don't need security.

Good question I didn't ask myself, but I assume it would make no difference in the current situation: graphical apps can't open the display and do abort. You could test it youself:

1) 'ifconfig' to determine your IP address
2) export DISPLAY=IP address:0.0 (192.168.1.10:0.0 for example)
3) 'xclock' returns Error: Can't open display: ...

Any idea?

TIA,

Pierre

You are looking for the setting nolisten tcp in the file /etc/kde3/kdm/Xservers if you are doing this in KDE.

[edit]
You would have to restart kdm for the changes to take effect with /etc/init.d/kdm restart as root this best done from a console login unless you want to lose any unsaved work when KDE re-starts.
[/edit]

[pierrevn]

Thanks to you, Stephen: I removed this 'nolisten tcp' from the file and it works now as I expect. Great!

Cheers,

Pierre

[windos_no_thanks]

Umm, why would you want to use telnet in the first place ?
ssh is safer and it is handy also in places where you don't need security.

Good question I didn't ask myself, but I assume it would make no difference in the current situation: graphical apps can't open the display and do abort. You could test it youself:

1) 'ifconfig' to determine your IP address
2) export DISPLAY=IP address:0.0 (192.168.1.10:0.0 for example)
3) 'xclock' returns Error: Can't open display: ...

Any idea?

TIA,

Pierre

I see you already got it working but using ssh should have made a difference. Using the -X switch (by default on in knoppix so you usually don't need to specify it) ssh forwards the
X connections through the encrypted pipe. The application on the remote machine thinks
it is using a display on the same machine, your X-server also thinks the application is on the
same machine as itself and everyone is happy.