> > All children of the SSH connection are able to tunnel X11 sessions
> > through the X tunnel to the client X11 session. This is
> > accomplished by running xauth upon logging in.
>
> I'm really surprised this is still the default. I've heard mention of
> this at least 4 years ago, and have seen trojaned SSH servers around
> _since then_ that do logging of client X11 keystrokes - probably the
> best place to accomplish this. The problem seems to be that the
> authors have not figured out that this isn't a good default, perhaps
> for convenience's sake. This surprises me, since people DO know about
> this. I think the argument is really convenience vs. security (well,
> that's always the argument isn't it?).
>
> alias ssh="ssh -x"

Earlier, bugtraq was told that all ssh versions including OpenSSH automatically tunnel X. This is not correct. OpenSSH has that turned off by default.
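
A way to check the client side of the default discussed in this thread, as an added example that is not part of the original posts: a shell function that lists every `Host` or `Match` scope in an OpenSSH client configuration that sets `ForwardX11` or `ForwardX11Trusted` to `yes`. The function names and the sample configuration are constructed for illustration; ssh uses the first value it obtains for a keyword, so each hit is a line to review rather than the effective setting.

```shell
#!/bin/sh
# Added example: static audit of an OpenSSH client config for X11 forwarding.
# Reads the files given as arguments, or stdin when none are given.
# Prints "<scope>: <keyword> yes" per hit and returns 1 if anything was found.
audit_x11_forwarding() {
    awk '
    BEGIN { scope = "global"; hits = 0 }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # Blank lines and lines starting with "#" are comments in ssh_config.
        if (line == "" || line ~ /^#/) next
        # The keyword ends at whitespace or "="; both separators are legal.
        if (!match(line, /^[^ \t=]+/)) next
        key  = substr(line, 1, RLENGTH)
        rest = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", rest)
        sub(/[ \t]+$/, "", rest)
        lkey = tolower(key)                 # keywords are case-insensitive
        val  = tolower(rest); gsub(/"/, "", val)
        # A Host or Match line opens a new scope for the settings after it.
        if (lkey == "host" || lkey == "match") { scope = key " " rest; next }
        if ((lkey == "forwardx11" || lkey == "forwardx11trusted") && val == "yes") {
            print scope ": " key " " val
            hits++
        }
    }
    END { exit (hits > 0 ? 1 : 0) }
    ' "$@"
}

# Constructed sample configuration (not taken from any real system).
sample_config() {
    cat <<'EOF'
# constructed sample
Host build-*
    ForwardX11=yes
Host jump
    forwardx11trusted "yes"
Host *
    ForwardX11 no
EOF
}

# Stand-alone run over the sample; a non-zero status means hits were found.
sample_config | audit_x11_forwarding || echo "X11 forwarding is enabled in the scopes listed above"
```

For the value that actually applies to one destination, `ssh -G <host>` in current OpenSSH releases prints the resolved client options, including `forwardx11`.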
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:41 PDT