disable features

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Thu Oct 25 03:24:22 EST 2001


On Wed, Oct 24, 2001 at 09:35:22AM -0400, Ed Phillips wrote:
> On Wed, 24 Oct 2001, Lutz Jaenicke wrote:
> 
> > Consider a ssh[d] that has been compiled without X11 forwarding.
> 
> Speaking of X11Forwarding... is there any particular reason that somewhere
> between v2.9p2 and v2.9.9p2 there has been a change to the stock
> sshd_config to disable X11Forwarding?
> 
> Also, is there any particular reason that authentication forwarding has
> been disabled in 2.X (I'm not sure when, except that ever since we've
> been trying out 2.X it has been disabled by default).
> 
> In addition, if there is some reason not to use these features (bugs,
> unreasonable security risks, etc.)... please let me know.

Both X11 and agent forwarding introduce some risks. If you cannot trust
the admin on the server (or have to consider the system being compromised),
you may experience the following:
* the malicious admin can steal your X-authentication credentials and via
  the forwarded X11 connection he can open up windows on your display.
  He could therefore e.g. open a transparent window that captures your
  keystrokes.
  (This is however still better than a normal X11 connection, so the only
  way around it is to not allow X11 connections from this host at all. The point
  is however, that once X11 forwarding is allowed you won't know which
  connections are opened, for normal X11 connections you at least have to
  type "xhost +host" or something like that before the access would be
  granted.)
* the malicious admin could access your forwarded agent connection and this
  way authenticate with your identity to another host using your public
  keys. He can however not steal your private key.
  (This is still better than performing a slogin on this server and typing
  your password which can be captured by this admin. The only way around
  it is to not open another connection from the questionable server at
  all. Only start connections from your trusted system on your desk,
  then create some aliases "alias trustedserver slogin -A trustedserver"
  so that you can use the advantages of agent forwarding on trustedserver
  and are protected elsewhere.)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
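
A check for the advice in the message above, as an added example that is not part of the original post or of OpenSSH: it reads the effective client settings for a host and reports agent or X11 forwarding that is enabled for a host outside a trusted list. It assumes an OpenSSH client that supports "ssh -G" (prints the resolved configuration as "keyword value" lines); the function name, the host names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
#
# check_forwarding HOST "TRUSTED HOSTS"
#   Reads `ssh -G HOST` style output on stdin, one "keyword value" per line.
#   Prints one line per forwarding option that is enabled for a host not on
#   the space-separated trusted list. Returns 1 if anything was reported.
check_forwarding() {
    host=$1
    trusted=$2
    case " $trusted " in
        *" $host "*)
            cat >/dev/null      # trusted host: forwarding is acceptable
            return 0 ;;
    esac
    # Exact keyword match, so "forwardx11trusted" is not confused with
    # "forwardx11". Any value other than "no" counts as enabled, which also
    # covers clients where forwardagent may name a socket path.
    awk -v host="$host" '
        $1 == "forwardagent" || $1 == "forwardx11" {
            if ($2 != "no") { printf "%s: %s %s\n", host, $1, $2; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample of `ssh -G` output, trimmed to the relevant keywords.
SAMPLE_SSH_G='hostname shell.example.org
port 22
forwardagent yes
forwardx11 no
forwardx11trusted no'

# Demo on the constructed sample; "trustedserver" is the only trusted host.
printf '%s\n' "$SAMPLE_SSH_G" |
    check_forwarding shell.example.org "trustedserver" || true

# On a live system (host list is hypothetical):
#   for h in trustedserver shell.example.org; do
#       ssh -G "$h" | check_forwarding "$h" "trustedserver"
#   done
```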


