Securing SSH
Aldo Foot
lunixer at gmail.com
Tue May 23 20:00:29 UTC 2006
I agree, one should never use xhost +, this undoes all the work done by the
-X or -Y ssh options.
In fact using ssh -Y user at remote is good enough.
The -Y option is for *trusted* X11 connections.
Also as mentioned earlier the file .ssh/authorized_keys must be set to
perms 600 in
conjunction with the "StrictModes yes" in sshd_config.
~af
On 5/23/06, Paul Howarth <paul at city-fan.org> wrote:
>
> On Tue, 2006-05-23 at 14:01 -0400, Ed Gurski wrote:
> > You can also transfer your X-windows apps to your local system by doing
> > the following:
> >
> > On your system:
> >
> > xhost + (allows remote X apps)
> > ssh -Y remote_computer -p the_new_port
> >
> > Now once logged in, you can test this using :
> >
> > xclock
> >
> > You should then see the Xclock on your system from the remote system.
>
> You shouldn't need the "xhost +" to do this. To your local X server, the
> connection appears to be coming from your own host when you use ssh this
> way, not the remote host.
>
> Paul.
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060523/ce7a0432/attachment-0001.htm>
More information about the fedora-list
mailing list