[NMLUG] ssh X forwarding

James Hamilton nmlug@swcp.com
Wed, 7 Nov 2001 11:30:52 -0700


On Wed, Nov 07, 2001 at 11:09:16AM -0700, Robbins, Wesley L wrote:
> I guess I need to simplify this a little.
> He said the magic phase "for my customer"
> Not for my home network.  These are totally 
> different situations.
> 
> "If you are creating a setup for a customer."
> Not your home network were you and maybe a buddy 
> log into it.
> 

How is placing a redhat 5.0 box inside your network related to X forwarding.  I'm interested in what you have to say here, I just don't understand the sceaniaro you're setting up.

> If you allow your general users to use X11 
> forwarding into the network there home system 
> could be already "hacked". Now if that person 
> on the inside thought it would be cool to put a
> say a redhat 5.0 in your customers network and 
> is ssh to it. Your sshd system and firewall 
> you spent sooo much time on will now be worthless.
> An idiot could get in. Using some of the 
> scripts people have made and put on the web.


> I would also suggest reading on some of the security 
> websites about possible risks when using openssh. Most
> of the commercial versions have fixed the "possible 
> treats" people have come up with.  I disagree with 
> allot of the vanilla setup configs that come with 

I imagine you're talking about keys created with ssh-keygen?  

> OpenSSH.  This is me.  I like to use key files. and 

Could you explain what they leave open by default.  Perhaps I'm missing something completely simple I'm sorry if that's the case :-)

> know your host.  Which OpenSSH choose to leave open 
> by default.
> 
> 
> ------------------------------------------------------
> To UNSUBSCRIBE send a message to nmlug-request@swcp.com
> with only the word unsubscribe in the body.  More
> information can be found at www.nmlug.org/info.html
> -----------------------------------------------------

-- 

James Hamilton
Southwest Cyberport
505-232-7992
------------------------------------------------------
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html
-----------------------------------------------------