[ALUG] wake up GUI

Huge huge at huge.org.uk
Fri Oct 13 10:13:06 BST 2017


‎"Only a risk if you allow ssh from outside, within your own LAN,
presumably, all users are trusted."

In these days of the Internet-of-cheap-Chinese-crap, that's not necessarily a good presumption.

-- 
Sent from my Psion 5MX 
  Original Message  
From: Chris Green
Sent: Friday, 13 October 2017 09:03
To: main at lists.alug.org.uk
Subject: Re: [ALUG] wake up GUI

On Thu, Oct 12, 2017 at 10:24:46PM +0100, steve-ALUG at hst.me.uk wrote:
> On 12/10/17 14:15, Phil Thane wrote:
> [snip]
> > I think I'm going to have to start from scratch though, somehow I've managed
> > to lock myself out of Nextcloud and can't get back in without the MariaDB/SQL
> > details, which were on a piece of paper that disappeared when we moved house!
> hope you fix it.
> 
> [snip]
> 
> > The SSH X thing looks useful, not seen that before, I'll give it a go. Thanks.
> > 
> 
> SSH -X *IS* useful, BUT, it is regarded as a security risk.  You have to
> specifically edit your sshd config file to allow it.
> 
Only a risk if you allow ssh from outside, within your own LAN,
presumably, all users are trusted.


> A quick google found this
> https://security.stackexchange.com/questions/14815/security-concerns-with-x11-forwarding
> however there may be many more.  Google "ssh x11 forwarding risk" or
> similar.  (The -X means x11 forwarding.)
> 
> If you're inside a secure network and your client is as secure as your
> server, I wouldn't have thought that there was a problem, but I think the
> consensus is that it could be, which is why it's disabled by default.
> 
It's surely only if the 'local' network that you can ssh around has
lots of users who shouldn't be able to access each others files/systems.

-- 
Chris Green

_______________________________________________
main at lists.alug.org.uk
http://www.alug.org.uk/
https://lists.alug.org.uk/mailman/listinfo/main
Unsubscribe? See message headers or the web site above!



More information about the main mailing list