mailing list archives
Re: SSH & xauth
From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Thu, 2 Mar 2000 05:53:55 -0800
In message <20000228150226.A19949 () ruff cs jmu edu>, Brian writes:
Ok, just to make sure everyone completely understands my previous post
about SSH & xauth.
For absolute security, a client should always give out trust in the
smallest portions available. Trusting X tunneling by default is not a
good idea, and should be turned off. As stated in previous postings,
if you must use X, use Xnest.
Another alternative would be to use xforward or xroute. Both are
capable of notifying you of incoming X connections and you can allow or
deny each one specifically. The downside however, is that with either
you need to trust the host that your X server is running on, e.g. xhost
x_server_machine. If you're using a desktop system that isn't used by
anyone else, you should be O.K.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubert () uumail gov bc ca
UNIX Group, ITSD, ISTA
Province of BC
"COBOL IS A WASTE OF CARDS."
- Re: SSH & xauth Peter Wemm (Mar 01)
- <Possible follow-ups>
- Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Mar 02)