On Wed, 10 Jul 2002 23:25:45 +0100
kevin lyda <kevin at linux.ie> blurted in message
20020710232545.C23269 at ie.suberic.net:
> On Wed, Jul 10, 2002 at 01:06:33PM -0700, Rick Moen wrote:
> > Given that concern, you might want to consider avoiding xauth, because
> > it's a serious security hazard. Doing "ssh -X user at host" is my
>> uh... ok, yes, ssh -X is better, but that's to avoid xhost, not xauth.
> ssh -X uses xauth. xhost should be avoided because it's host based
> "security."
>xauth is nice... assuming you have an Xserver listening on tcp, you can
then do things like
xauth nlist | ssh new_machine xauth nmerge -
and once
DISPLAY=Xserver:0.0
is set on the new_machine, everything will behave (in theory).
Of course, you may want to be a little more selective with what you list
in xauth nlist... RTFM for more info.
/me doesn't trust ssh -X very much, as a malicious sshd can do some
particularly nasty things... I always have XForwarding turned off by
default. (Though, would you want to ssh into a known malicious machine?)
L.
--
Liam Bedford | Greg: Can't you see you're all alcoholics?
--------------| Guv: Oi. We don't call them that. We call
them fanatical followers of the Ale
Kaeda network.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
