[NMLUG] ssh X forwarding

Robbins, Wesley L nmlug@swcp.com
Wed, 7 Nov 2001 12:00:22 -0700

After 5.0 they stopped having a non-owned X server 
running on the box.  There are simple scripts 
out there where you push an X app to the 5.0 
system that makes a TCP tunnel out of the firewall.  

My scenario:
Last year I had a 12-year-old staying at my house.
He set up a 5.0 on a machine at my home to show his
friends. I allowed him to have an account to get to 
his newly set up box.  Well, his home machine was 
running a Trojan that looked for ssh connections and 
ran a little app in the background by pushing an X app 
into my network. After getting access, the person then 
was able to brute force my other machines. This person 
erased my hard drives, killed BIOSes, and used my home 
network as a DDoS (before killing everything, of course).
This was because I allowed a non-secure connection to the 
non-secure computer in my network.

For a customer I would have expected to be sued for loss
of data and failure to protect their assets.

What I disagree with in the default config is:
  Allow root to login
  Allow X11Forwarding 
  Require key files is turned off.
  So ssh is just a highly powerful telnet session.
  Now, setting up allowed hosts to connect is 
  something I think should be fixed as soon as 
  an admin brings the box online.

  SuSE has changed a few parts of the config.
  It turns off daisy chaining by default.
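
Added example, not part of the original message: a small Python audit of an sshd_config for the four items listed above (root login, X11 forwarding, key-only logins, restricting who may connect). The fallback defaults and both sample configs are assumptions constructed for illustration; check your own sshd build's defaults.

```python
import re

# Assumed fallbacks for keywords the file leaves unset: the permissive defaults
# the post describes, not necessarily those of your sshd build.
ASSUMED_DEFAULTS = {"permitrootlogin": "yes", "x11forwarding": "yes",
                    "passwordauthentication": "yes"}
# keyword -> the post's complaint when the effective value is anything but "no"
CHECKS = {
    "permitrootlogin": "root is allowed to log in",
    "x11forwarding": "X11 forwarding is allowed",
    "passwordauthentication": "key files are not required",
}

def effective_settings(text):
    """Parse the global section of an sshd_config; sshd uses the first value
    it sees for a keyword, and keywords are case-insensitive."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are out of scope for this check
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return one finding per weak setting; an empty list means all four pass."""
    seen = effective_settings(text)
    findings = []
    for key, complaint in CHECKS.items():
        value = seen.get(key, ASSUMED_DEFAULTS[key]).lower()
        if value != "no":
            source = "set" if key in seen else "unset, assumed default"
            findings.append(f"{key}={value} ({source}): {complaint}")
    if "allowusers" not in seen and "allowgroups" not in seen:
        findings.append("no AllowUsers/AllowGroups: logins not restricted by user or host")
    return findings

# Constructed sample inputs, not taken from any real system.
WEAK = """\
PermitRootLogin yes
X11Forwarding yes
X11Forwarding no     # ignored: the earlier line already set it
"""
HARDENED = ("PermitRootLogin no\nX11Forwarding no\n"
            "PasswordAuthentication no\nAllowUsers admin@192.0.2.*\n")
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED) or "ok")
```

The duplicate X11Forwarding line in the weak sample shows why a later "no" appended to a config does not override an earlier "yes".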
