disable features
Lutz Jaenicke
Lutz.Jaenicke at aet.TU-Cottbus.DE
Thu Oct 25 03:24:22 EST 2001
On Wed, Oct 24, 2001 at 09:35:22AM -0400, Ed Phillips wrote:
> On Wed, 24 Oct 2001, Lutz Jaenicke wrote:
>
> > Consider a ssh[d] that has been compiled without X11 forwarding.
>
> Speaking of X11Forwarding... is there any particular reason that somewhere
> between v2.9p2 and v2.9.9p2 there has been a change to the stock
> sshd_config to disable X11Forwarding?
>
> Also, is there any particular reason that authentication forwarding has
> been disabled in 2.X (I'm not sure when, execpt that every since we've
> been trying out 2.X it has been disabled by default).
>
> In addition, if there is some reason not to use these features (bugs,
> unreasonable security risks, etc.)... please let me know.
Both X11 and agent forwarding introduce some risks. If you cannot trust
the admin on the server (or have to consider the system being compromised),
you may experience the following:
* the malicious admin can steal your X-authentication credenticals and via
the forwarded X11 connection he can open up windows on your display.
He could therefore e.g. open a transparent window that captures your
keystrokes.
(This is however still better than a normal X11 connection, so the only
way around it is not allow X11 connections from this host at all. The point
is however, that once X11 forwarding is allowed you won't know which
connections are opened, for normal X11 connections you at least have to
type "xhost +host" or something like that before the access would be
granted.)
* the malicious admin could access your forwarded agent connection and this
way authenticate with your identity to another host using your public
keys. He can however not steal your private key.
(This is still better than performing a slogin on this server and type
your password which can be captured by this admin. The only way around
it is to not open another connection from the questionable server at
all. Only start connections from your trusted system on your desk,
then create some aliases "alias trustedserver slogin -A trustedserver"
so that you can use the advantages of agent forwarding on trustedserver
and are protected elsewhere.
Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
More information about the openssh-unix-dev
mailing list