|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: SSH & xauth
From: Cy Schubert - ITSD Open Systems Group (Cy.Schubert
UUMAIL.GOV.BC.CA)Date: Thu Mar 02 2000 - 07:53:55 CST
- Next message: Joe Shaw: "Re: [ Hackerslab bug_paper ] Linux dump buffer overflow"
- Previous message: B Potter: "How to Write Secure Code"
- In reply to: Brian: "Re: SSH & xauth"
- Next in thread: Robert Watson: "Re: SSH & xauth"
- Reply: Cy Schubert - ITSD Open Systems Group: "Re: SSH & xauth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In message <20000228150226.A19949ruff.cs.jmu.edu>, Brian writes:
> Ok, just to make sure everyone completely understands my previous post
> about SSH & xauth.
[edited out]
> For absolute security, a client should always give out trust in the
> smallest portions available. Trusting X tunneling by default is not a
> good idea, and should be turned off. As stated in previous postings,
> if you must use X, use Xnest.
Another alternative would be to use xforward or xroute. Both are
capable of notifying you of incoming X connections and you can allow or
deny each one specifically. The downside however, is that with either
you need to trust the host that your X server is running on, e.g. xhost
x_server_machine. If you're using a desktop system that isn't used by
anyone else, you should be O.K.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubertuumail.gov.bc.ca
UNIX Group, ITSD, ISTA
Province of BC
"COBOL IS A WASTE OF CARDS."
- Next message: Joe Shaw: "Re: [ Hackerslab bug_paper ] Linux dump buffer overflow"
- Previous message: B Potter: "How to Write Secure Code"
- In reply to: Brian: "Re: SSH & xauth"
- Next in thread: Robert Watson: "Re: SSH & xauth"
- Reply: Cy Schubert - ITSD Open Systems Group: "Re: SSH & xauth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]