Re: newbie security question

From: Konstantinos Peletidis (kpeletidis_at_dsl.pipex.spammers.must.go2jail.com)
Date: 06/26/04 

Date: Sat, 26 Jun 2004 18:35:25 +0100

On Sat, 26 Jun 2004 16:47:29 GMT
Gandalf Parker <gandalf@most.of.my.favorite.sites> wrote:
>
> If you are managing your machine by sitting at the keyboard, then you
> can turn off SSH (port 22). Its listening to see if someone wants to
> use the machine from the internet using secure shell. It IS the most
> recommended method of doing that, but if no one needs to get to the
> machine level from off the net then you should shut it off. If you are
> using your home machine to connect to this machine and do things, you
> probably need 22 and maybe 6000
>
> If you managing your machine completely from the command prompt
> instead of a pretty graphic windows menu thing, then you can turn off
> X-windows (port 6000). Actually you can probably still do xwindows at
> the keyboard and just shut off the part of it that says "I might want
> to do this coming in from the internet" but Im not sure how.

You don't need port 6000 even for remote X11 sessions, as long as you
are using ssh with X forwarding. Something like

$ ssh -2 -X -C -c blowfish user@hostname

allows you to login to the remote machine and launch X applications
there while receiving the graphical output on your local machine
(provided that you are running X11 on the local machine, of course).

For more information regarding the options of the above command read the
ssh man page.

If you want to play safe, you can start your X server(s) with the option
NOT to listen for connections, thereby port 6000 won't be open.

$ startx -- -nolisten tcp

Personally, I have added an alias in my .bashrc to save myself the extra
typing:

alias startx='startx -- -nolisten tcp'

HTH 

-- 
Konstantinos Peletidis
Electronic & Computer Engineer

Relevant Pages

  • Re: newbie security question
    ... > tells me that these ports are used by some nasty trojans. ... If you are managing your machine by sitting at the keyboard, ... coming in from the internet" but Im not sure how. ...
    (comp.os.linux.security)
  • Re: Does anyone here own the Voyager?
    ... The Linux tablets are neat devices, but they aren't cellular phones. ... They look like a tiny laptop with the bottom (keyboard) half missing. ... I won't use them for the internet. ...
    (alt.cellular.verizon)
  • Re: Does anyone here own the Voyager?
    ... The Linux tablets are neat devices, ... They look like a tiny laptop with the bottom (keyboard) half missing. ... I won't use them for the internet. ... They advertise that they have a lot of bars, ...
    (alt.cellular.verizon)
  • Re: Dell C640 always does Diagnostic Boot Selected
    ... are only two ways to launch it. ... The button clicks normally and launches Internet Explorer ... things with the keyboard to eliminate it as well. ... If I purposely hold down the Fn key during power up ...
    (comp.sys.laptops)
  • Re: Using old PC as hard disc storage
    ... > You'll still need a keyboard and monitor to install the OS of choice. ... You'll have a lack of mouse message in windows prior ... This PC used netbeui protocol for the LAN, ... The XP PC was behind a router for internet ...
    (microsoft.public.windowsxp.general)