ssh X forwarding change in FC3
Eli Carter
eli.carter at inet.com
Fri Jan 7 23:51:06 UTC 2005
Alan Cox wrote:
> On Fri, Jan 07, 2005 at 05:05:00PM -0600, Eli Carter wrote:
>
>>>I'm not so sure. ssh Xnest's work well
>>
>>That piques my interest... but I'm not sure I follow. Can you elaborate
>>a little? How does xnest relate to the security concerns?
>
>
> Its the standard way to isolate untrusted desktops
Thanks. That got me enough to Google with. :)
Of interest to this discussion, I found this document:
http://www.giac.org/practical/GCIH/Holger_Van_Lengerich_GCIH.pdf
I have not read this through yet, but I found this comment in the
introductory information intriguing:
"Today X11 forwarding is disabled in most default configurations of SSH.
As X11 forwarding is a very convenient feature, there always will be a
temptation for operating system distributors, system administrators and
user to enable it per default."
Hoping I'm adding signal and not noise,
Eli
--------------------. "If it ain't broke now,
Eli Carter \ it will be soon." -- crypto-gram
eli.carter(a)inet.com `-------------------------------------------------
------------------------------------------------------------------------
Confidentiality Notice: This e-mail transmission may contain
confidential and/or privileged information that is intended only for the
individual or entity named in the e-mail address. If you are not the
intended recipient, you are hereby notified that any disclosure,
copying, distribution or reliance upon the contents of this e-mail
message is strictly prohibited. If you have received this e-mail
transmission in error, please reply to the sender, so that proper
delivery can be arranged, and please delete the message from your
computer. Thank you.
Tektronix Texas, LLC formerly Inet Technologies, Inc.
------------------------------------------------------------------------
More information about the fedora-devel-list
mailing list