[NMLUG] ssh X forwarding

James Hamilton nmlug@swcp.com
Wed, 7 Nov 2001 10:21:29 -0700


Are you saying if I ssh to host 1 then to host 2 then to host 3 and forward things through that tunnel that security is degraded or are you talking about using 'xhost' to degrade security?

On Wed, Nov 07, 2001 at 10:06:16AM -0700, Robbins, Wesley L wrote:
> A little side note (I do not know your level so please 
> dismiss this if you already know this). If you allow 
> Daisy chain ssh X forwarding you greatly decrease 
> security on the internal network.  And read up on 
> allowing X11 to allow X11 protocol from another user.  
> 'xhost +127.0.0.1' is a good test but you should 
> not use it regularly.
> 
> -----Original Message-----
> From: Aaron Birenboim [mailto:aaron@boim.com]
> Sent: Wednesday, November 07, 2001 9:52 AM
> To: nmlug@swcp.com
> Subject: [NMLUG] ssh X forwarding
> 
> 
> One of my clients just changed sshd over from
> Tru64 to Linux.  Now I get a warning when I log in...
> 
> Warning: Remote host denied X11 forwarding.
> Last login: Wed Nov  7 10:49:59 2001 from helstf
> 
> Does anybody know where the problem might lie?
> Which host is remote?  The client of the server?
> i.e.  Do I need to add some more modern type
> of authentication to my X server, or does the
> sshd need to be configured to allow X forwarding?
> -- 
> Aaron Birenboim | Black holes are where G-d divided
> Albuquerque, NM |      by zero.
> aaron@boim.com  |
> boim.com/~aaron |                      -Steven Wright
> ------------------------------------------------------
> To UNSUBSCRIBE send a message to nmlug-request@swcp.com
> with only the word unsubscribe in the body.  More
> information can be found at www.nmlug.org/info.html
> -----------------------------------------------------
> 
> 
> ------------------------------------------------------
> To UNSUBSCRIBE send a message to nmlug-request@swcp.com
> with only the word unsubscribe in the body.  More
> information can be found at www.nmlug.org/info.html
> -----------------------------------------------------

-- 

James Hamilton
Southwest Cyberport
505-232-7992
------------------------------------------------------
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html
-----------------------------------------------------