Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- UseLogin yes and X11 encryption
May 16, 2005, 11:52 am
rate this thread
because login can't handle it. So if I export my display, do a xhost +,
and open an xterm, is my connection still encrypted? In other words,
are X11 packets still encrypted even though X11Forwarding is disabled?
I'm using recent versions of openssh.
Re: UseLogin yes and X11 encryption
SSH encryption of X connections via X11Forwarding creates a tunnel to carry
such traffic safely, point-to-point, instead of exposing your local machine
to the world.
What you ve done is to completely open your local X server to remote
manipulation by anyone who can reach your machine from elsewhere in your
network, and depending on your configuratiion anywhere in the world. This
can include some very nasty vulnerabilities, and some amusing ones. When I
caught someone doing that at an old workplace, despite my repeated warnings
about it and explanations of how to use SSH X11 forwarding, I ran the
"xroach" program on their unsecured display without their knowledge while
they were away at lunch.
The screams when they moved a window and the roaches popped out from under
it and ran around the screen were *prize*, followed by the shaky laughter
when they figured out what had happened, and I showed them how to *splat*
the roaches wiŠ"ähe mouse. It did make my point, and they stopped doing
- » Putty to Solaris 10: Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
- — Previous thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum