[ALUG] wake up GUI

Huge huge at huge.org.uk
Fri Oct 13 10:13:06 BST 2017

‎"Only a risk if you allow ssh from outside, within your own LAN,
presumably, all users are trusted."

In these days of the Internet-of-cheap-Chinese-crap, that's not necessarily a good presumption.

Sent from my Psion 5MX 
  Original Message  
From: Chris Green
Sent: Friday, 13 October 2017 09:03
To: main at lists.alug.org.uk
Subject: Re: [ALUG] wake up GUI

On Thu, Oct 12, 2017 at 10:24:46PM +0100, steve-ALUG at hst.me.uk wrote:
> On 12/10/17 14:15, Phil Thane wrote:
> [snip]
> > I think I'm going to have to start from scratch though, somehow I've managed
> > to lock myself out of Nextcloud and can't get back in without the MariaDB/SQL
> > details, which were on a piece of paper that disappeared when we moved house!
> hope you fix it.
> [snip]
> > The SSH X thing looks useful, not seen that before, I'll give it a go. Thanks.
> > 
> SSH -X *IS* useful, BUT, it is regarded as a security risk.  You have to
> specifically edit your sshd config file to allow it.
Only a risk if you allow ssh from outside, within your own LAN,
presumably, all users are trusted.

> A quick google found this
> https://security.stackexchange.com/questions/14815/security-concerns-with-x11-forwarding
> however there may be many more.  Google "ssh x11 forwarding risk" or
> similar.  (The -X means x11 forwarding.)
> If you're inside a secure network and your client is as secure as your
> server, I wouldn't have thought that there was a problem, but I think the
> consensus is that it could be, which is why it's disabled by default.
It's surely only if the 'local' network that you can ssh around has
lots of users who shouldn't be able to access each others files/systems.

Chris Green

main at lists.alug.org.uk
Unsubscribe? See message headers or the web site above!

More information about the main mailing list