disable features

David Terrell dbt at meat.net
Tue Oct 30 10:25:52 EST 2001


On Wed, Oct 24, 2001 at 06:56:42PM +0200, Markus Friedl wrote:
> 
> both agent and x11 forwarding are off by default since they allow
> access to local resource from the remote machine where the sshd is
> running.
> 
> enable agent and x11 forwarding only if you trust the remote server.

Is there any reason why they are disabled in the server, since they 
pose no particular additional security risks to the server itself?
I'd rather see them on by default in the server and off by default
in the client, since the client is both more at risk and easier to 
selectively enable.

-- 
David Terrell             | "Any sufficiently advanced technology 
Prime Minister, Nebcorp   | is indistinguishable from a rigged demo."
dbt at meat.net              |  - Brian Swetland
http://wwn.nebcorp.com/



More information about the openssh-unix-dev mailing list