[ale] openssh and $DISPLAY
- From: bob at cavu.com (Bob)
- Date: Tue, 15 Aug 2000 20:17:07 -0400

You want to be _very_ careful that the X data actually is going through
the encrypted tunnel as it is very easy to goof and send unencrypted data
through the network.

1. Verify that $DISPLAY is correct. Some shell startup scripts unconditionally
   set it to ":0.0". It should show as "server_name:10.0" for the first
   SSH connection.

2. Verify that the client system is not connecting to port 6000-6009 of
   the server as 6000 is server_name:0.0, etc. SSH normally starts at port
   6010 for the first encrypted connection, 6010 for the second, etc.
   The netstat program is a good way to test this.

3. Use IP Chains to block ports 6000-6009 to be sure someone does not
   goof.

4. Note that these port numbers only are applicable to non-strange
   configurations.

Bob Toxen
bob at cavu.com
http://www.cavu.com
Fly-By-Day Consulting, Inc. "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and software consulting since 1990.
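
The checks in steps 1 and 2 of the message above, as a shell example added here (it is not part of the original post). The function names and the sample netstat lines are constructed for illustration, and the script assumes the default layout the message describes, with SSH displays starting at :10 (TCP port 6010).

```shell
#!/bin/sh
# Added example; assumes SSH proxy displays start at :10 (TCP 6010 and up).

# Step 1: succeed only when the display number is 10 or higher, i.e. it
# points at an sshd proxy display rather than directly at an X server.
display_is_tunneled() {
    disp=${1##*:}        # "server_name:10.0" -> "10.0"
    disp=${disp%%.*}     # "10.0" -> "10"
    case $disp in
        ''|*[!0-9]*) return 1 ;;   # unset or malformed DISPLAY
    esac
    [ "$disp" -ge 10 ]
}

# Step 2: read `netstat -tn` output on stdin and print every established
# TCP connection whose foreign port is 6000-6009 (direct, unencrypted X11).
find_cleartext_x11() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        n = split($5, part, ":")       # port is the last ":" field
        port = part[n] + 0
        if (port >= 6000 && port <= 6009) print $4 " -> " $5
    }'
}

# Constructed sample of `netstat -tn` output (documentation addresses):
# an SSH session, a tunneled X connection to 6010, and a direct one to 6000.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           192.0.2.20:51514        ESTABLISHED
tcp        0      0 127.0.0.1:41876         127.0.0.1:6010          ESTABLISHED
tcp        0      0 192.0.2.10:40122        192.0.2.20:6000         ESTABLISHED
EOF
}

for d in ":0.0" "server_name:10.0"; do
    if display_is_tunneled "$d"; then
        echo "$d: tunneled display"
    else
        echo "$d: NOT a tunneled display"
    fi
done
sample_netstat | find_cleartext_x11
```

On the host running the X application, call `display_is_tunneled "$DISPLAY"` and pipe `netstat -tn` into `find_cleartext_x11`; any line it prints is X traffic going outside the tunnel.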