
Re: Woody: "xhost +" on Local Machine not Working



on Sun, Apr 21, 2002, Shawn McMahon (smcmahon@eiv.com) wrote:
> begin  David Z Maze quotation:
> > 
> > "Don't do that."  xhost is notoriously insecure; ssh X forwarding is
> > easier to manage, isn't vulnerable to IP spoofing attacks, and doesn't
> > require you to manually set DISPLAY.  The X server in woody comes, by
> 
> Unless the other machine is not administrated by you, 

There are few X11-capable systems which won't allow users to run
arbitrary clients.  Including an ssh client run from floppy or a
user-installed directory.

> and either doesn't have ssh, 

_Not_ _an_ _excuse_.  SSH is available for everything from DOS to VMS
(though there doesn't seem to be one for MVS that I can find).
Certainly any flavor of 'Nix, 'Doze, or Mac is covered.

If you need to find a client for your platform, see a comprehensive list
at:

    http://www.linuxmafia.com/pub/linux/security/ssh-clients

> or doesn't allow X forwarding in it's 

That's "its".

> ssh config.

X11 forwarding affects server only.  For the client, this is
command-line configurable.



There's an additional condition that would be required before I'd
consider this:  a signed, bonded, acceptance that the party in question
would accept full and complete liability for any security exploit and
subsequent recovery which could be traced to or have been potentially
aggravated by use of insecure communications protocols.

There's simply no excuse _not_ to use SSH over any network more complex
than PLIP.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Is GNU/Linux the future?  Hell, it's the present:
     http://www.dwheeler.com/oss_fs_why.html
