Beyond the previously described security-related improvements, SSH also
simplifies the use of remote X applications. If you run ssh with the
option -X, the DISPLAY variable is automatically set on the remote machine
and all X output is exported over the existing SSH connection to the
machine from which you connected. At the same time, X applications started
remotely and viewed locally with this method cannot be intercepted by
unauthorized individuals.
By adding the option -A, the ssh-agent authentication
mechanism is carried over to the next machine. This way, you can work from
different machines without having to enter a password, but only if you have
distributed your public key to the destination hosts and properly saved it
there.
Both mechanisms are deactivated in the default settings, but can be
permanently activated at any time in the systemwide configuration file
/etc/ssh/sshd_config or the user's
~/.ssh/config.
ssh can also be used to redirect TCP/IP connections. In the examples below, SSH is told to redirect the SMTP and the POP3 port, respectively:
ssh -L 25:mail.example.com:25 jupiter.example.com
With this command, any connection directed to jupiter.example.com
port 25 (SMTP) is redirected to the SMTP port on
mail.example.com via an encrypted channel. This is especially
useful for those using SMTP servers without SMTP-AUTH or POP-before-SMTP
features. From any arbitrary location connected to a network, e-mail can be
transferred to the “home” mail server for delivery. Similarly,
all POP3 requests (port 110) on jupiter.example.com can be
forwarded to the POP3 port of mail.example.com with this
command:
ssh -L 110:mail.example.com:110 jupiter.example.com
Both commands must be executed as root, because the connection is made to
privileged local ports. E-mail is sent and retrieved by normal users in an
existing SSH connection. The SMTP and POP3 host must be set to localhost
for this to work.
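The forwarding settings described above can be checked per host before relying on them. The following is an added example, not part of the original documentation: it reads the keyword/value listing that ssh -G prints and reports whether agent or X forwarding is switched on and which local forwards bind privileged ports. The function names, the sample input and port 2525 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads effective client
# settings in the "keyword value" form printed by `ssh -G <host>` on stdin
# and reports the forwarding features discussed in this section.

audit_forwarding() {
    awk '
        # Agent and X11 forwarding: report only when switched on.
        $1 == "forwardagent" && $2 == "yes" { print "agent-forwarding enabled" }
        $1 == "forwardx11"   && $2 == "yes" { print "x11-forwarding enabled" }
        # Local forwards: the listen spec is "port" or "[addr]:port".
        $1 == "localforward" {
            port = $2
            sub(/^.*:/, "", port)            # keep the part after the last colon
            if (port !~ /^[0-9]+$/) next     # skip socket paths, not TCP ports
            kind = (port + 0 < 1024) ? "privileged (needs root)" : "unprivileged"
            print "localforward " port " -> " $3 " " kind
        }
    '
}

# Constructed sample input: the SMTP tunnel from this section plus an
# unprivileged alternative on port 2525 (an arbitrary choice).
sample_config() {
    cat <<'EOF'
hostname jupiter.example.com
forwardagent yes
forwardx11 no
localforward 25 [mail.example.com]:25
localforward [127.0.0.1]:2525 [mail.example.com]:25
EOF
}

# Run against the constructed sample. For a live check, use:
#   ssh -G jupiter.example.com | audit_forwarding
sample_config | audit_forwarding
```

A local forward that listens on a port of 1024 or above does not need root; the mail client is then pointed at localhost and that port.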
Additional information can be found in the manual pages for each of the
programs described above and also in the files under
/usr/share/doc/packages/openssh.