Bugtraq mailing list archives
Re: SSH & xauth
From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Thu, 2 Mar 2000 05:53:55 -0800
In message <20000228150226.A19949 () ruff cs jmu edu>, Brian writes:
Ok, just to make sure everyone completely understands my previous post about SSH & xauth.
[edited out]
For absolute security, a client should always give out trust in the smallest portions available. Trusting X tunneling by default is not a good idea, and should be turned off. As stated in previous postings, if you must use X, use Xnest.
Another alternative would be to use xforward or xroute. Both are capable of notifying you of incoming X connections and you can allow or deny each one specifically. The downside however, is that with either you need to trust the host that your X server is running on, e.g. xhost x_server_machine. If you're using a desktop system that isn't used by anyone else, you should be O.K. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert () uumail gov bc ca UNIX Group, ITSD, ISTA Province of BC "COBOL IS A WASTE OF CARDS."
Current thread:
- Re: SSH & xauth Peter Wemm (Feb 29)
- <Possible follow-ups>
- Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Mar 02)