[NMLUG] ssh X forwarding

Robbins, Wesley L nmlug@swcp.com
Wed, 7 Nov 2001 11:09:16 -0700

I guess I need to simplify this a little.
He said the magic phase "for my customer"
Not for my home network.  These are totally 
different situations.

"If you are creating a setup for a customer."
Not your home network were you and maybe a buddy 
log into it.

If you allow your general users to use X11 
forwarding into the network there home system 
could be already "hacked". Now if that person 
on the inside thought it would be cool to put a
say a redhat 5.0 in your customers network and 
is ssh to it. Your sshd system and firewall 
you spent sooo much time on will now be worthless.
An idiot could get in. Using some of the 
scripts people have made and put on the web.

I would also suggest reading on some of the security 
websites about possible risks when using openssh. Most
of the commercial versions have fixed the "possible 
treats" people have come up with.  I disagree with 
allot of the vanilla setup configs that come with 
OpenSSH.  This is me.  I like to use key files. and 
know your host.  Which OpenSSH choose to leave open 
by default.

To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html