Re: X Windows security
Sherman, Michael (GE Energy) wrote:
Not sure how helpful I can be here. I've just been reading the Linux
Security Admin's Guide/Linux Security HOW-TO this evening. I've also
just setup ssh on a small LAN. Basically, ssh provides the security,
especially if you're actually using the key system. The remote host
will need your public key to authenticate you. You can then run remote
X apps securely. In fact, the Linux Security How-To recommends using
ssh as the way to connect to a remote X server. Thus your VNC-over-ssh
coonection should be pretty darned secure. I know there are a few ssh
implementations, but OpenSSH is probably your best bet - based on what
little I know.
I have a quick question. I know that a machine is much less secure when X
Windows is running. Does it apply in the same way when X stuff is installed,
but the desktop is not actually running?
How secure are vncserver sessions and X over ssh?
Thanks in advance
As for the security of X, I believe it mainly only applies when X is
running. The issue is that X logins are easy for intruders to
watch/catch. The How-To recommends using XDM. It doesn't mention why,
but the implication seems to be that using XDM is more secure than X by
itself. I'm sure a more experienced security guru would be more
helpful. I'm also glad you brought this up. I would like to know if
WDM, KDM, GDM, or any other *DM provides the same security enhancement
as XDM. I'm assuming that these do accomplish the same task, but would
like to be sure.
Hope I've been helpful here.
"Free software is like God's love - you can share it with anyone anytime