Results 1 to 6 of 6

Thread: Security

Hybrid View

  1. #1
    Junior Member
    Join Date
    Dec 2003
    Posts
    3

    Security

    Hi Gurus,

    I just installed Knoppix 3.3 on my HDD. It works incredibly well, but I have a problem with the security level. I do use Knoppix to connect on other unix servers (Sun, HP, ...) and develop on those machines. The trouble is that a telnet works ok but I can't run any graphical interface because of DISPLAY not reachable. However, I have defined and exported the DISPLAY as found in 'ifconfig'. I have also enabled external display through 'xhost +'. Finally, I've found in /etc/hosts.allow and /etc/hosts.deny that the config was set up as 'PARANOID'. I've renamed both files (according to the man page, lack of file opens the connection). As long as I do not run a server but a workstation, security is not a major constraint for me. I'm missing a config file somewhere to enable DISPLAY to pass through but where. While testing, I realized that even assigning the IP address to the user knoppix (rather than the hos name) causes the same problem.

    Could anyone help on this ?

    TIA,

    Pierre

  2. #2
    Senior Member registered user
    Join Date
    Nov 2003
    Posts
    361
    Umm, why would you want to use telnet in the first place ?
    ssh is safer and it is handy also in places where you don't need security.

  3. #3
    Junior Member
    Join Date
    Dec 2003
    Posts
    3
    Quote Originally Posted by windos_no_thanks
    Umm, why would you want to use telnet in the first place ?
    ssh is safer and it is handy also in places where you don't need security.
    Good question I didn't ask myself, but I assume it would make no difference in the current situation: graphical apps can't open the display and do abort. You could test it youself:

    1) 'ifconfig' to determine your IP address
    2) export DISPLAY=IP address:0.0 (192.168.1.10:0.0 for example)
    3) 'xclock' returns Error: Can't open display: ...

    Any idea?

    TIA,

    Pierre

  4. #4
    Senior Member registered user
    Join Date
    Feb 2003
    Location
    Nova Scotia, Canada
    Posts
    2,479
    Quote Originally Posted by pierrevn
    Quote Originally Posted by windos_no_thanks
    Umm, why would you want to use telnet in the first place ?
    ssh is safer and it is handy also in places where you don't need security.
    Good question I didn't ask myself, but I assume it would make no difference in the current situation: graphical apps can't open the display and do abort. You could test it youself:

    1) 'ifconfig' to determine your IP address
    2) export DISPLAY=IP address:0.0 (192.168.1.10:0.0 for example)
    3) 'xclock' returns Error: Can't open display: ...

    Any idea?

    TIA,

    Pierre
    You are looking for the setting nolisten tcp in the file /etc/kde3/kdm/Xservers if you are doing this in KDE.

    [edit]
    You would have to restart kdm for the changes to take effect with /etc/init.d/kdm restart as root this best done from a console login unless you want to lose any unsaved work when KDE re-starts.
    [/edit]

  5. #5
    Junior Member
    Join Date
    Dec 2003
    Posts
    3
    Thanks to you, Stephen: I removed this 'nolisten tcp' from the file and it works now as I expect. Great!

    Cheers,

    Pierre

  6. #6
    Senior Member registered user
    Join Date
    Nov 2003
    Posts
    361
    Quote Originally Posted by pierrevn
    Quote Originally Posted by windos_no_thanks
    Umm, why would you want to use telnet in the first place ?
    ssh is safer and it is handy also in places where you don't need security.
    Good question I didn't ask myself, but I assume it would make no difference in the current situation: graphical apps can't open the display and do abort. You could test it youself:

    1) 'ifconfig' to determine your IP address
    2) export DISPLAY=IP address:0.0 (192.168.1.10:0.0 for example)
    3) 'xclock' returns Error: Can't open display: ...

    Any idea?

    TIA,

    Pierre
    I see you already got it working but using ssh should have made a difference. Using the -X switch (by default on in knoppix so you usually don't need to specify it) ssh forwards the
    X connections through the encrypted pipe. The application on the remote machine thinks
    it is using a display on the same machine, your X-server also thinks the application is on the
    same machine as itself and everyone is happy.

Similar Threads

  1. Security
    By eadz in forum Hdd Install / Debian / Apt
    Replies: 11
    Last Post: 11-04-2010, 09:02 PM
  2. Hdd Security
    By NetKatz in forum Hdd Install / Debian / Apt
    Replies: 2
    Last Post: 05-02-2004, 02:38 PM
  3. security
    By RNK in forum Customising & Remastering
    Replies: 13
    Last Post: 04-29-2004, 12:37 PM
  4. Security and apt-get
    By Edix in forum Hdd Install / Debian / Apt
    Replies: 1
    Last Post: 11-10-2003, 08:20 PM
  5. security
    By kipizit in forum General Support
    Replies: 1
    Last Post: 11-07-2003, 03:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •