[14060] in bugtraq
Re: SSH & xauth
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Mon Feb 28 12:12:55 2000
Message-Id: <200002280301.UAA09309@cvs.openbsd.org>
Date: Sun, 27 Feb 2000 20:01:41 -0700
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: Oliver Friedrichs <OFriedrichs@SECURITY-FOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Fri, 25 Feb 2000 14:17:26 PST."
<4036B8ED3AAED3118F9E00A0CC58F9F1873E@MAIL>
> > All children of the SSH connection are able to tunnel X11 sessions
> > through the X tunnel to the client X11 session. This is
> > accomplished by running xauth upon logging in.
>
> I'm really surprised this is still the default. I've heard mention of
> this at least 4 years ago, and have seen trojaned SSH servers around
> _since then_ that do logging of client X11 keystrokes - probably the
> best place to accomplish this. The problem seems to be that the
> authors have not figured out that this isn't a good default, perhaps
> for convenience's sake. This surprises me, since people DO know about
> this. I think the argument is really convenience vs. security (well,
> that's always the argument isn't it?).
>
> alias ssh="ssh -x"
Earlier, bugtraq was told that all ssh versions including openssh
automatically tunnel X.
This is not correct. openssh has that turned off by default.
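
Added example, not part of the original post or of any ssh distribution: a small audit helper that reports which `ForwardX11` setting a client config applies to a given host, so a risky `yes` can be traced to its line. The sample config, the function names and the `default="no"` fallback (taken from the post's statement about openssh) are assumptions; `Match` blocks are skipped, and Python's `fnmatch` also accepts `[...]` sets that ssh patterns do not.

```python
import fnmatch

# Constructed sample ssh_config (not taken from the post).
SAMPLE = """\
Host build-* !build-legacy
    ForwardX11 yes
Host *.example.org
    ForwardX11=no
Host *
    ForwardX11 yes
"""

def host_matches(patterns, host):
    """A Host line applies if a positive pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_forward_x11(config_text, host, default="no"):
    """Return (value, line_number) for the first ForwardX11 that applies to host.

    ssh uses the first value obtained for each option, so later lines never
    override an earlier match. `default` is assumed "no", per the post's
    statement about openssh.
    """
    active = True  # options before the first Host line apply to every host
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # Match blocks are skipped, not evaluated
        elif key == "forwardx11" and active and args:
            return args[0].lower(), lineno
    return default, None

if __name__ == "__main__":
    for h in ("build-01", "build-legacy", "db.example.org"):
        print(h, effective_forward_x11(SAMPLE, h))
```

On a system with a recent OpenSSH client, `ssh -G host` prints the options the client itself would use and is the authoritative check; the helper above is for reviewing config files offline.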