[CentOS] freenx

Wed Jan 25 00:20:40 UTC 2006
Les Mikesell <lesmikesell at gmail.com>

On Tue, 2006-01-24 at 17:57, Maciej Żenczykowski wrote:
> > Hmm - we're through the firewall! and we can connect to ANY port that the 
> > server is allowed to connect to (both on the server and in the local 
> > network).  We can use this to connect to the SMTP port and send mail as if 
> > from localhost - in effect we've an open relay.
> 
> Note: I know this can be turned of in the sshd_config file for all users - 
> but that limits usability of the ssh server.  Normal users should normally 
> be allowed to do port-forwarding (they can do it anyway if they have shell 
> access).
> 
> Note also that the authorized_keys file can contain appropriate keywords
> (no-port-forwarding, no-X11-forwarding, no-agent-forwarding)
> (see man sshd_config) to make the above fail, but is your server 
> configured properly?

I'd agree that the nx user's authorized_keys file should contain
this directive by default if it isn't needed by the protocol.
Do you know the right place to post a bug?

-- 
  Les Mikesell
   lesmikesell at gmail.com