Jesus h

On June 29, 2021 15:58:49 BRT, "Andrew M.A. Cater" <amaca...@einval.com> wrote:
>On Tue, Jun 29, 2021 at 02:43:28PM -0400, Greg Wooledge wrote:
>> > On 2021-06-29 1:27 p.m., Greg Wooledge wrote:
>> > > On Tue, Jun 29, 2021 at 04:33:50PM +0000, Andrew M.A. Cater wrote:
>> > >> ssh -Y is similar to ssh -X but does some authentication - you don't have
>> > >> to use xhost+ or similar.
>> > >
>> > > You don't use xhost with ssh -X, either. At least, not explicitly.
>> > > ssh takes care of that for you.
>> > >
>> > > In fact, on Debian, ssh -X and ssh -Y do exactly the same thing, due
>> > > to changes that Debian made. This is documented in the ssh(1) man page.
>> > >
>> > > If you've been using "xhost +" together with "ssh -X", you've been doing
>> > > it wrong (and *dramatically* destroying all your network security) all
>> > > along.
>>
>> On Tue, Jun 29, 2021 at 02:05:18PM -0400, Polyna-Maude Racicot-Summerside wrote:
>> > What I stated was pretty simple :
>>
>> That was the fucking point.
>>
>
>Greg: If it helps, I get that - and have always got it. I hadn't appreciated
>that - for Debian - ssh -X and ssh -Y are essentially identical. Thanks
>for the pointer.
>
>Sorry to have created any confusion.
>
>It's _nearly_ July 1st. Tomorrow sometime I'll be getting round to reposting
>the debian-user mailing list FAQ. Please, no rude words, especially the f-ing
>word? As frustrating as any of us can be, it doesn't add merit to argument.
>Email is already hard enough to understand and appreciate: there are folk
>here where English is a non-native language and swear words don't help
>carry meaning.
>
>
>All the very best to you both - and everybody reading and using this list
>and its archives.
>
>Andy Cater
>
>>
>> Now, if you want to advocate that people should use xhost + because
>> that's how you learned things back in the early 1990s, that's your right,
>> but I hope you will at least point out how INCREDIBLY INSECURE this is,
>> and that it should only be done on an isolated private network, and only
>> for educational purposes, never for actual work.
>>
>> Even then, you wouldn't combine it with ssh -X. xhost + and manually
>> overriding DISPLAY bypasses the ssh encryption layer entirely. It also
>> involves starting the X server with a non-default option, so it's quite
>> a lot more work than using ssh -X. Which is good. We wouldn't want the
>> horribly broken way to be the easy way.
>>
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
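
Added example, not part of the original message or thread: a shell check for the two setups the quoted discussion contrasts, an X server opened with "xhost +" or reached through a hand-set DISPLAY versus a display forwarded by ssh. The function names, verdict strings and sample inputs are assumptions constructed for illustration; on a live system the inputs would come from `xhost`, `$DISPLAY` and `ssh -G <host>`.

```shell
#!/bin/sh
# Added example: offline checks over constructed samples, not captured output.

# Succeeds when `xhost` output (stdin) shows access control switched off ("xhost +").
xhost_open() {
    grep -q '^access control disabled'
}

# Classify a DISPLAY value by how clients would reach the X server.
display_kind() {
    case "$1" in
        '')                      echo unset ;;
        :*|unix:*)               echo local ;;
        localhost:*|127.0.0.1:*) echo loopback ;;    # typical of sshd's X11 proxy display
        *)                       echo remote-tcp ;;  # direct X11 over TCP, outside ssh
    esac
}

# Print the effective ForwardX11Trusted value from `ssh -G <host>` output (stdin).
x11_trusted() {
    awk '$1 == "forwardx11trusted" { v = $2 } END { print (v == "" ? "unknown" : v) }'
}

# Combine the checks: $1 = DISPLAY value, $2 = xhost output. Prints one verdict.
x11_verdict() {
    kind=$(display_kind "$1")
    if printf '%s\n' "$2" | xhost_open; then
        echo "INSECURE: access control disabled (DISPLAY is $kind)"
    elif [ "$kind" = remote-tcp ]; then
        echo "INSECURE: DISPLAY bypasses the ssh tunnel"
    else
        echo "ok: DISPLAY is $kind, access control enabled"
    fi
}

# Constructed sample inputs (192.0.2.10 is a documentation address).
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host'
SAMPLE_XHOST_CLOSED='access control enabled, only authorized clients can connect
SI:localuser:alice'
SAMPLE_SSH_G='forwardx11 yes
forwardx11trusted yes'

x11_verdict '192.0.2.10:0' "$SAMPLE_XHOST_OPEN"
x11_verdict 'localhost:10.0' "$SAMPLE_XHOST_CLOSED"
printf '%s\n' "$SAMPLE_SSH_G" | x11_trusted
```

A `forwardx11trusted yes` result means `ssh -X` behaves like `ssh -Y` for that host, which is the Debian behaviour mentioned in the quoted text.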