[CentOS] remote ssh to machine how display firefox

Sat Dec 8 18:58:40 UTC 2007
Bill Campbell <centos at celestial.com>

On Sat, Dec 08, 2007, Les Mikesell wrote:
>Les Bell wrote:
>>Les Mikesell <lesmikesell at gmail.com> wrote:
>>
>>What's a 'trusted' forwarding mean as opposed to any other kind?
>><<
>>
>>A trusted X11 client will bypass the security controls specified in the X11
>>Security Extension Specification (see
>>http://refspecs.freestandards.org/X11/security.pdf). In general, you don't
>>want to enable this unless you have to. Notice that "trusted forwarding"
>>trusts the users to all be good guys.
>
>Is there a way to describe it in more than 2 words but less than 18 
>pages?  The main point seems to be that almost nothing works if your 
>forwarding isn't trusted.  But shouldn't being able to log in via ssh 
>mean that you are trusted?

One would hope so, assuming authorized_keys and proper pass
phrases (but then putty and others allow this from the Microsoft
Virus, Windows and I don't trust anything coming from Windows).

On the few systems where we permit ssh authentication with user
name and password, access is tightly controlled via tcp_wrappers
to specific IP addresses.

Recently we have been using OpenVPN to allow secure access from
remote users which makes restricting ssh access easier when
people are roaming so can't be easily identified by IP address.

Bill
--
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation.
		-- Johnny Hart