Starting an X11 client on another machine, without ssh

[Bill Freeman]

> 
> 
> > It's still overkill to force X11 through the encrypted pipe.
> 
> My understanding of X leads me to believe that as long as your clients
> can authenticate themselves to the server (and you've rigged your server
> such that it's willing to talk to anybody, local or remote, who can open
> a socket to it) then it really doesn't matter what launch mechanism (ssh,
> telnet, rsh, etc) you use to reach over to the client's host in order to
> launch your clients because once they're launched and they've opened their
> independent socket back to the server that launch mechanism is no longer
> in play, so even if it's complex or heavyweight it's only for a moment.
> 
> Of course, that puts the burden on you to setup all the authentication in
> a way that's independent and will survive the launch mechanism (unlike,
> say, ssh's tunnels and auth forwarding) and I'm guessing you're missing
> your xon tool because it handled all of that for you.  I'd say let us
> know if you find such but, AFAIC, the generality and security of SSH
> make it worth the overhead...

No.  When you take the easy way out and run "ssh foo at bar -Y", the established
X connection runs through an encrypted tunnel, incurring a performance penalty.
Also, sshd must continue to run (two processes) on the client, bash must
continue to run on the client, and ssh must continue to run on the host.
That isn't just heavy weight establishment, but a continued drag.

And, no, it's unnecessary to open the server to everyone.  There are a number
of host or cookie based means to limit who can connect.

Bill