Securing Remote Connection Through SSH

Asked by MyLeftFoot on 2006-05-06

Section 2.6 of the GDM Overview talks about Securing Remote Connection Through SSH.

http://www.gnome.org/projects/gdm/docs/2.14/overview.html

In Dapper is GDM compiled with the option --enable-secureremote? And if so how do I use it?

Regards,
 - lefty

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu gdm Edit question
Assignee:
No assignee Edit question
Last query:
2006-05-06
Last reply:
2007-07-27
Dennis Kaarsemaker (dennis) said : #1

> In Dapper is GDM compiled with the option --enable-secureremote?

DEB_CONFIGURE_EXTRA_FLAGS := --disable-dependency-tracking
--localstatedir=/var/lib --with-selinux --enable-secureremote=yes
--with-xdmcp --disable-scrollkeeper --with-prefetch=yes
--with-defaults-conf=/etc/gdm/gdm.conf
--with-custom-conf=/etc/gdm/gdm.conf-custom

So: yes it is.

Sebastien Bacher (seb128) said : #2

no, it's not, the menu item is sort of hack and not marked as translatable, not something to push without translation just before dapper

Bogdan Butnaru (bogdanb) said : #3

Any new info on this? I'd really like to be able to do a remote login and unsecure XDMCP is not possible.

Is there any way to sort of manually forward an X display through ssh and have the remote session manager take control of it? I'm ready for some hacking on GDM if necessary, but I do need a few pointers before.

(My situation is simple: I have a laptop I do most of my work on (because it's with me all the time) and a computer at work that just happens to have a better display; I'd like to use it pretty much as a dumb terminal.)

Bogdan Butnaru (bogdanb) said : #4

I forgot to mention again: I'm using Feisty here.

Bernard Banko (beernarrd) said : #5

Try this one:
http://people.w3.org/~dom/archives/2005/09/setting-up-a-secure-remote-x-session-with-gdm/

Quoting possible solution:
usr/local/bin/ssh-session:

#!/bin/bash

TARGETHOST=`zenity --title "Host to connect to" --entry --text "Enter the name of the host you want to log in to"`
#@@@ should probably get a user name too; I don't need it so didn't set it up that way
#@@@ should it do an ssh-add so the user doesn't have to enter its passphrase again?
SSH_ASKPASS=/etc/alternative/ssh-askpass /usr/bin/ssh -A -X -T -n "$TARGETHOST" /usr/bin/x-session-manager

The other file is the one responsible to linking that session manager from GDM; it’s a simple .desktop file, which I placed at

/etc/dm/Sessions/ssh.desktop:

[Desktop Entry]
Encoding=UTF-8
Name=SSH
Comment=This session logs you into a remote host using ssh
Exec=/usr/local/bin/ssh-session
Type=Application

Can you help with this problem?

Provide an answer of your own, or ask MyLeftFoot for more information if necessary.

To post a message you must log in.