[CentOS] remote ssh to machine how display firefox
Bill Campbell
centos at celestial.com
Sat Dec 8 18:58:40 UTC 2007
On Sat, Dec 08, 2007, Les Mikesell wrote:
>Les Bell wrote:
>>Les Mikesell <lesmikesell at gmail.com> wrote:
>>
>>What's a 'trusted' forwarding mean as opposed to any other kind?
>><<
>>
>>A trusted X11 client will bypass the security controls specified in the X11
>>Security Extension Specification (see
>>http://refspecs.freestandards.org/X11/security.pdf). In general, you don't
>>want to enable this unless you have to. Notice that "trusted forwarding"
>>trusts the users to all be good guys.
>
>Is there a way to describe it in more than 2 words but less than 18
>pages? The main point seems to be that almost nothing works if your
>forwarding isn't trusted. But shouldn't being able to log in via ssh
>mean that you are trusted?
One would hope so, assuming authorized_keys and proper pass
phrases (but then putty and others allow this from the Microsoft
Virus, Windows and I don't trust anything coming from Windows).
On the few systems where we permit ssh authentication with user
name and password, access is tightly controlled via tcp_wrappers
to specific IP addresses.
Recently we have been using OpenVPN to allow secure access from
remote users which makes restricting ssh access easier when
people are roaming so can't be easily identified by IP address.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation.
-- Johnny Hart
More information about the CentOS
mailing list