Subject: Re: ssh - are you nuts?!?
To: None <>
From: Luke Mewburn <>
List: tech-security
Date: 12/21/2000 00:45:59
On Wed, Dec 20, 2000 at 05:35:32AM -0800, wrote:
> > I've never had any trouble.  In fact, I received your message via a 
> > forwarded POP3 connection, and will send the reply via a forwarded SMTP 
> > connection....
> > 
> I guess I should be clearer. For a professional like yourself,
> this seems to be a good "thing". But in practice, isn't this feature
> more of rarity for the average user? Given, of course, that SSH2
> is not really that pervasive?

ssh port forwarding is present in SSHv1.  A lot of people use ssh port
forwarding and ssh X11 port forwarding & X11 cookie munging, even in

One of the more difficult problems in using X11 ``securely'' between
machines is passing xauth cookies and $DISPLAY variables between
hosts. Many years ago I devised a scheme (*) to encode $DISPLAY and the
xauth cookie into $TERM to abuse the $TERM passing in rlogin and
telnet. However, this wasn't a very optimal solution, and ssh does a
much better job of doing this. ssh also creates a `per session' xauth
cookie which is useful if your X server runs for a long time and you
only want to maintain a valid xauth cookie for the duration of that
session (as opposed for the duration of the X servers life, which may
be much greater than the time that you were connected to any given

(*) and I know other people did similar hacks over the years.
Mine managed to fit $DISPLAY and the xauth data and $TERM into
~ 63 bytes of ASCII text, but required the remote machine have a
perl script to decode $TERM back into $TERM/$DISPLAY/xauth.
Once I started using ssh a few years ago my use of this hack
effectively stopped :-)

Luke Mewburn  <>
Luke Mewburn     <>
Wasabi Systems - providing NetBSD sales, support and service.