-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > All children of the SSH connection are able to tunnel X11 sessions > through the X tunnel to the client X11 session. This is > accomplished by running xauth upon logging in. I'm really suprised this is still the default. I've heard mention of this at least 4 years ago, and have seen trojaned SSH servers around _since then_ that do logging of client X11 keystrokes - probably the best place to accomplish this. The problem seems to be that the authors have not figured out that this isn't a good default, perhaps for convenience's sake. This suprises me, since people DO know about this. I think the argument is really convenience vs. security (well, thats always the argument isn't it?). alias ssh="ssh -x" - - Oliver -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOLb+Bcm4FXxxREdXEQJjLACgoGiRtmw83fuRGq45uCH2sEq0A4EAnRdx 10/rEK4mQWSWQOXdgu+iWp3D =/XuK -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:23 PDT