On Sat, Dec 08, 2007, Les Mikesell wrote:
>Les Bell wrote:
>>Les Mikesell <[EMAIL PROTECTED]> wrote:
>>
>>What's a 'trusted' forwarding mean as opposed to any other kind?
>><<
>>
>>A trusted X11 client will bypass the security controls specified in the X11
>>Security Extension Specification (see
>>http://refspecs.freestandards.org/X11/security.pdf). In general, you don't
>>want to enable this unless you have to. Notice that "trusted forwarding"
>>trusts the users to all be good guys.
>
>Is there a way to describe it in more than 2 words but less than 18
>pages? The main point seems to be that almost nothing works if your
>forwarding isn't trusted. But shouldn't being able to log in via ssh
>mean that you are trusted?

One would hope so, assuming authorized_keys and proper pass phrases (but
then putty and others allow this from the Microsoft Virus, Windows and I
don't trust anything coming from Windows).

On the few systems where we permit ssh authentication with user name and
password, access is tightly controlled via tcp_wrappers to specific IP
addresses. Recently we have been using OpenVPN to allow secure access from
remote users which makes restricting ssh access easier when people are
roaming so can't be easily identified by IP address.

Bill
--
INTERNET: [EMAIL PROTECTED]     Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186             Mercer Island, WA 98040-0820; (206) 236-1676

Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation. -- Johnny Hart