On Mon, Aug 20, 2001 at 05:09:37PM +0200, christian.burri@synecta.ch wrote:
Hi List =)
Thanks for all your answers; this is enlightening ;-) Well I wasnt sure about X11 forwarding because I set this line in sshd config
X11Forwarding no
But apparently, as Lutz pointed out, this can be overridden. I assume that cant be disabled, resp. users cant be prevented to override?
No. Not really. You don't need root permissions to open a connection on port 6010ff (> 1024), so even if you would patch OpenSSH to remove this feature, users could still compile their own packages. (And, in fact, X tunneling is far superiour to having users perform "xhost +" :-) Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153