disable features

David Terrell dbt at meat.net
Tue Oct 30 10:50:57 EST 2001


On Mon, Oct 29, 2001 at 03:25:52PM -0800, David Terrell wrote:
> On Wed, Oct 24, 2001 at 06:56:42PM +0200, Markus Friedl wrote:
> > 
> > both agent and x11 forwarding are off by default since they allow
> > access to local resource from the remote machine where the sshd is
> > running.
> > 
> > enable agent and x11 forwarding only if you trust the remote server.
> 
> Is there any reason why they are disabled in the server, since they 
> pose no particular additional security risks to the server itself?
> I'd rather see them on by default in the server and off by default
> in the client, since the client is both more at risk and easier to 
> selectively enable.

sorry, please disregard.

I really shouldn't respond to anything when I'm catching up on list
traffic from the previous week...

-- 
David Terrell   | "The reasons for my decision to quit were myriad, but 
Nebcorp PM      | central to the decision was the realization that there are 
dbt at meat.net    | two kinds of companies:  Good ones ask you to think for 
wwn.nebcorp.com | them.  The others tell you to think like them." -Benjy Feen



More information about the openssh-unix-dev mailing list