[ale] openssh and $DISPLAY
Bob
bob at cavu.com
Tue Aug 15 20:17:07 EDT 2000
You want to be _very_ careful that the X data actually is going through
the encrypted tunnel as it is very easy to goof and send unencrypted data
through the network.

1. Verify that $DISPLAY is correct. Some shell startup scripts unconditionally
   set it to ":0.0". It should show as "server_name:10.0" for the first
   SSH connection.

2. Verify that the client system is not connecting to port 6000-6009 of
   the server as 6000 is server_name:0.0, etc. SSH normally starts at port
   6010 for the first encrypted connection, 6010 for the second, etc.
   The netstat program is a good way to test this.

3. Use IP Chains to block ports 6000-6009 to be sure someone does not
   goof.

4. Note that these port numbers only are applicable to non-strange
   configurations.

Bob Toxen
bob at cavu.com
http://www.cavu.com
Fly-By-Day Consulting, Inc. "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and software consulting since 1990.
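
The checks in steps 1 and 2 above can be scripted. The following is an added example, not part of the original post: it assumes the Linux `netstat -tn` column layout and the display offset of 10 that the post describes. The function names, the SSH_X_OFFSET variable and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and SAMPLE_NETSTAT are constructed, not from the post.

# display_number VALUE: print the display number of a DISPLAY string
# ("server_name:10.0" -> 10); return 1 if it cannot be parsed.
display_number() {
    case $1 in *:*) ;; *) return 1 ;; esac
    d=${1##*:}; d=${d%%.*}
    case $d in ''|*[!0-9]*) return 1 ;; esac
    echo "$d"
}

# check_display VALUE: print "tunnel" if the display number is at or above the
# SSH offset (assumed 10, as in the post), "direct" if below, "invalid" otherwise.
check_display() {
    n=$(display_number "$1") || { echo invalid; return 0; }
    if [ "$n" -ge "${SSH_X_OFFSET:-10}" ]; then echo tunnel; else echo direct; fi
}

# direct_x_connections: read `netstat -tn` output on stdin and print every
# established TCP connection with either end on ports 6000-6009, the plain
# X11 ports for displays :0 through :9 (port = 6000 + display number).
direct_x_connections() {
    awk 'function port(s,  a, n) { n = split(s, a, ":"); return a[n] + 0 }
         function rawx(p) { return p >= 6000 && p <= 6009 }
         $1 ~ /^tcp/ && $6 == "ESTABLISHED" && (rawx(port($4)) || rawx(port($5))) {
             print $4 " -> " $5
         }'
}

# Constructed sample (documentation addresses), in Linux netstat -tn layout.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 192.0.2.10:40112  192.0.2.20:22     ESTABLISHED
tcp        0      0 192.0.2.10:40150  192.0.2.20:6000   ESTABLISHED
tcp        0      0 127.0.0.1:51234   127.0.0.1:6010    ESTABLISHED'

echo "DISPLAY=${DISPLAY:-unset} -> $(check_display "${DISPLAY:-}")"
printf '%s\n' "$SAMPLE_NETSTAT" | direct_x_connections
```

On a live system, pipe `netstat -tn` into `direct_x_connections` while an X client is running; any line it prints is a connection to a plain X11 display port rather than to the forwarded one.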