a ssh x11 problem
Daniel Stone
daniel at fooishbar.org
Fri Jan 21 00:07:01 UTC 2005
On Thu, Jan 20, 2005 at 12:35:59PM -0800, Hudson Delbert J Contr 61 CS/SCBN wrote:
> is it absolutely neccesary to forward X. i never do so
> as any machine i can access via ssh doesnt require X
> and i would never do it on some one else's system w/out
> permission. its not a harmless connection as the opens the
> for all sorts of keyloggers, addy and connection hijacking
> ip stack coding violations and corruption by java and others
> like it. its not clever it dangerous if we are talking an enterprise.
> i cant think of a single firm of any size that would allow this type
> shenanigans.
SSH X forwarding is not harmful. Opening up your X server to the world via
(e.g.) TCP connection and then using standard X authentication is a very, very
bad idea, as it's woefully insecure. But, with SSH X forwarding, the only way
someone could compromise your X session through keyloggers, et al, is if they
have access to the remote machine, at which point you have already lost (I have
absolutely no idea what 'ip stack coding violations and corruption' are, apart
from a random string of non-sequiturs).
I think you'll find a huge number of large corporations who do SSH X forwarding.
Because there's nothing wrong with it. It's tunneled for a single session, over
a secure connection.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050121/a818bad6/attachment.sig>
More information about the ubuntu-users
mailing list