Re: What's the deal on the -X vs -Y thing?

From: Per Hedeland (per_at_hedeland.org)
Date: 01/26/05

  • Next message: Sachin: "SecureFTP through firewall fails"
    Date: Wed, 26 Jan 2005 06:52:20 +0000 (UTC)
    
    

    In article
    <41f6e7b0$0$10510$5a62ac22@per-qv1-newsreader-01.iinet.net.au>
    dtucker@dodgy.net.au (Darren Tucker) writes:
    >In article <ct6g89$17tt$1@hedeland.org>, Per Hedeland <per@hedeland.org> wrote:
    >>In article
    >><41f61b0c$0$10545$5a62ac22@per-qv1-newsreader-01.iinet.net.au>
    >>dtucker@dodgy.net.au (Darren Tucker) writes:
    >>>Now try it with those lines moved to the upgraded systems' global
    >>>ssh_config (ie /usr/local/etc/ssh_config or wherever you've configured
    >>>--sysconfdir to be). This is actually what I (and the FAQ) suggested.
    >>
    >>It actually did occur to me (after posting) that this was what you (and
    >>the FAQ) were suggesting (with just the file name given it's ambiguous
    >>of course), but I couldn't really believe that...
    >
    >I didn't think the filename was ambiguous (the name of the per-user
    >config file is "config" not "ssh_config" and is usually referred to as
    >"$HOME/.ssh/config" where it matters)

    You're right of course - I was simply misreading (or rather misthinking),
    especially stupid since my original post actually included a test using
    $HOME/.ssh/config.

    > but I can certainly make the FAQ
    >clearer on this.

    I think that would be good - also clarifying what ForwardX11Trusted
    really does per below.

    >>This cure is worse
    >>than the disease IMHO - the system-wide default should be that
    >>X11-forwarding is turned off altogether (which it is in a standard
    >>OpenSSH install as far as I can see).
    >
    >I think you misunderstand what ForwardX11Trusted does: it enables
    >trusted cookies *if* X forwarding is enabled. It doesn't enable X
    >forwarding by itself, you have to add "ForwardX11 yes" or "-X" too
    >(try it).

    That was indeed my other misunderstanding - for this thread; the most
    embarrassing thing is that I had already put ForwardX11Trusted in
    ssh_config on my workstation - with a comment specifically pointing out
    that it had no effect by itself!:-) I guess my memory isn't what it used
    to be...

    >You're arguing that changing the default was a bad tradeoff from a
    >security-vs-usability POV. I can respect your opinion but I think we're
    >going to have to agree to disagree.

    Actually you've convinced me that it was a reasonably good choice -
    thanks for your patience!

    --Per Hedeland
    per@hedeland.org
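
The point settled in this message, that ForwardX11Trusted only selects the cookie type and ForwardX11 (or -X) is what turns forwarding on, can be checked against a resolved client configuration. This is an added example, not part of the original post or of OpenSSH; the function name x11_mode and the sample inputs are constructed, and it assumes input in the lowercase "keyword value" form that `ssh -G` prints.

```shell
#!/bin/sh
# Classify the X11 forwarding state from "keyword value" lines on stdin
# (the format `ssh -G <host>` emits). x11_mode is a hypothetical helper.
x11_mode() {
    awk '
        tolower($1) == "forwardx11"        { fwd = tolower($2) }
        tolower($1) == "forwardx11trusted" { trusted = tolower($2) }
        END {
            # ForwardX11Trusted has no effect unless forwarding itself is on.
            if (fwd != "yes")          print "off"
            else if (trusted == "yes") print "trusted"
            else                       print "untrusted"
        }'
}

# Constructed sample inputs, one per case discussed in the thread.
# Global ssh_config sets only ForwardX11Trusted: forwarding stays off.
printf 'forwardx11 no\nforwardx11trusted yes\n' | x11_mode
# Same global setting plus "ForwardX11 yes" or -X: trusted cookies are used.
printf 'forwardx11 yes\nforwardx11trusted yes\n' | x11_mode
# Forwarding enabled without ForwardX11Trusted: untrusted cookies.
printf 'forwardx11 yes\nforwardx11trusted no\n' | x11_mode
```

On a client with OpenSSH 6.8 or later, `ssh -G somehost | x11_mode` reports the state for a real host entry (somehost is a placeholder).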

