Bugtraq mailing list archives

Re: SSH & xauth


From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Thu, 2 Mar 2000 05:53:55 -0800


In message <20000228150226.A19949 () ruff cs jmu edu>, Brian writes:
> Ok, just to make sure everyone completely understands my previous post
> about SSH & xauth.
> [edited out]
> For absolute security, a client should always give out trust in the
> smallest portions available.  Trusting X tunneling by default is not a
> good idea, and should be turned off.  As stated in previous postings,
> if you must use X, use Xnest.

Another alternative would be to use xforward or xroute.  Both are
capable of notifying you of incoming X connections and you can allow or
deny each one specifically.  The downside, however, is that with either
you need to trust the host that your X server is running on, e.g. xhost
x_server_machine.  If you're using a desktop system that isn't used by
anyone else, you should be O.K.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert () uumail gov bc ca
UNIX Group, ITSD, ISTA
Province of BC
                    "COBOL IS A WASTE OF CARDS."
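
The advice in this thread to keep X tunneling off by default can be checked against a client configuration. The following is an added example, not part of the original post: it resolves the effective `ForwardX11` and `ForwardX11Trusted` values for a host under OpenSSH `ssh_config` rules. The sample config and host names are constructed, `Match` and `Include` lines are assumed absent, and an unset option is assumed to mean "no" as in current upstream OpenSSH.

```python
import fnmatch
import re

# Constructed sample client config (not from the post). Assumption: OpenSSH
# ssh_config semantics, where the first value obtained for an option wins.
SAMPLE_CONFIG = """\
ForwardX11 yes

Host build-*.example.org !build-old.example.org
    ForwardX11 no

Host *
    ForwardX11Trusted=yes
"""
X11_KEYS = ("forwardx11", "forwardx11trusted")

def parse(config_text):
    """Yield (host_patterns, keyword, value, lineno) for each X11 option."""
    patterns = ["*"]  # options before the first Host line apply to all hosts
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "host":
            patterns = value.split()
        elif key in X11_KEYS:
            yield patterns, key, value.lower(), lineno

def host_matches(host, patterns):
    """A Host line matches if a pattern matches and no negated one does."""
    if any(p[0] == "!" and fnmatch.fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if p[0] != "!")

def effective_x11(config_text, host):
    """Return {option: (value, lineno)}; an unset option is ("no", None)."""
    result = {k: ("no", None) for k in X11_KEYS}
    for patterns, key, value, lineno in parse(config_text):
        if result[key][1] is None and host_matches(host, patterns):
            result[key] = (value, lineno)
    return result

if __name__ == "__main__":
    found = effective_x11(SAMPLE_CONFIG, "build-01.example.org")
    for opt, (val, line) in found.items():
        print(f"{opt}: {val} (line {line})")
```

In the sample, the global `ForwardX11 yes` on line 1 takes effect for every host, so the later per-host `ForwardX11 no` never applies; per-host exceptions have to come before the general setting.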

