[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-knoppix] Default configuration ssh-client "X11 Forwarding"

On Friday 14 May 2004 15:56, Klaus Knopper wrote:


> So, I do object in restricting X11-forwarding as default. For me, the
> most common (and therefore should be default) case of using ssh
> interactively, is working from one trusted system, logging into another
> trusted system, including remote X access.
> If you don't trust the remote system, you should not log in at all.  If

We often have to log into systems in that we trust less than in our own host,
say a shared webserver or a virtual root server at an ISP. Opening a
back channel by default (through which the remote admin can read
my keystrokes and grab my screen) is questionable at best. Even
between systems of equal trust some bulkheads may help to minimize
the damage in case of a compromise.

> A "reasonable and secure default" does not automatically lead to a
> "reasonably secure system". Note these cases that I have observed in
> real life:
> - User A used ssh to start OpenOffice from a remote machine via an
> Too restrictive firewalls also often lead to security breeches because
> users generate their own tunnels - via software or physical (by
> attaching Modems to computers inside a secure LAN).

Having said that, I agree with you that there is a tradeoff between too
restrictive security configs that will seduce users to dangerous behaviour
and a too lax configuration that is dangerous by itself. So there is no easy
answer about the correct default ssh X11-forwarding configuration.

We are in the lucky situation that the "outside security pressure" for
linux systems is far less than the pressure on the users of that other OS.
So, personallly, I can live with " X11-forwarding yes" for now. But times
may change and in the meantime we should give the unexperienced user
the chance to educate, i.e., if we start ssh from a menu, then there should
be an item "ssh text only" and a second item "ssh (+X11) to trusted host".
Or there should be a dialog window (with opt-out button) that shortly explains
the security implications.

Cheers, Thomas

debian-knoppix mailing list

Reply to: