begin Karsten M. Self quotation: > > > > Unless the other machine is not administrated by you, > > There are few X11-capable systems whic won't allow users to run > arbitrary clients. Including an ssh client run from floppy or a > user-installed directory. Karsten, have you ever worked somewhere large enough that you didn't control the policies for every machine you were required to use? I have. There are MANY X11-capable systems who's administrators will not allow users to run arbitrary clients, install arbitrary software, or access the floppy drives. Hell, I'm not driving to Memphis or flying to Singapore to put a floppy in a drive every time I need to use somebody else's server to get my job done. > If you need to find a client for your platform, see a comprehensive list > at: > > http://www.linuxmafia.com/pub/linux/security/ssh-clients I've got a client for the platforms in question. It's not worth getting fired to install it. > X11 forwarding effects server only. For the client, this is > command-line configurable. And the server's config can prevent it. > There's simply no excuse _not_ to use SSH over any network more complex > than PLIP. Which doesn't prevent other people from making bad decisions. I am not the president of the company. I am responsible for security and software and policy decisions on a few hundred servers, and even there I am not the ultimate authority; management is. I'm not quitting my job because of that, nor am I going to violate their policies and get fired because of it, unless you (or someone else) is going to offer me sufficient inducements per hour to do so. -- Shawn McMahon | McMahon's Laws of Linux support: http://www.eiv.com | 1) There's more than one way to do it AIM: spmcmahonfedex, smcmahoneiv | 2) Somebody thinks your way is wrong
Attachment:
pgpinU3LLxHKT.pgp
Description: PGP signature