Bugtraq mailing list archives
Re: SSH & xauth
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Sun, 27 Feb 2000 20:01:41 -0700
All children of the SSH connection are able to tunnel X11 sessions through the X tunnel to the client X11 session. This is accomplished by running xauth upon logging in.

I'm really surprised this is still the default. I've heard mention of this at least 4 years ago, and have seen trojaned SSH servers around _since then_ that do logging of client X11 keystrokes - probably the best place to accomplish this. The problem seems to be that the authors have not figured out that this isn't a good default, perhaps for convenience's sake. This surprises me, since people DO know about this. I think the argument is really convenience vs. security (well, that's always the argument isn't it?).

    alias ssh="ssh -x"

Earlier, bugtraq was told that all ssh versions including openssh automatically tunnel X. This is not correct. openssh has that turned off by default.
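
The forwarding default discussed above can be checked against a client configuration. This is an added example, not part of the original post: a Python function that resolves the effective ForwardX11 value for a host under OpenSSH's first-obtained-value-wins rule. The sample configuration and host names are constructed, and Match blocks are skipped as a simplification.

```python
import fnmatch

# Constructed sample client configuration (not from the original post).
SAMPLE_CONFIG = """\
Host build-*.example.org !build-legacy.example.org
    ForwardX11 yes

Host *.example.org
    ForwardX11 no

Host *
    ForwardX11 yes
"""

def host_matches(patterns, host):
    """Host rule: some positive pattern matches and no negated pattern does."""
    positive = False
    for pat in patterns:
        # ssh patterns use only * and ?; fnmatch also accepts [..], unused here.
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_forward_x11(config_text, host):
    """Return 'yes' or 'no' for ForwardX11 as resolved for the given host."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Keyword=value" is allowed
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            active = host_matches(args, host)
        elif keyword == "match":
            active = False  # assumption: Match blocks are not evaluated here
        elif keyword == "forwardx11" and active and args:
            return args[0].lower()  # first obtained value wins
    return "no"  # OpenSSH default when no block sets it

if __name__ == "__main__":
    for h in ("build-01.example.org", "build-legacy.example.org", "other.net"):
        print(h, effective_forward_x11(SAMPLE_CONFIG, h))
```

A trailing `Host *` block that enables forwarding, as in the sample, re-enables it for every host not covered by an earlier block.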