SSH configuration file: Difference between revisions

Add warning about trusted X11 forwarding
No edit summary
(Add warning about trusted X11 forwarding)
 
Line 37: Line 37:
in the corresponding sections of your configuration file. However, we do not recommend doing so in general, for these reasons:  
in the corresponding sections of your configuration file. However, we do not recommend doing so in general, for these reasons:  
* Enabling X11 forwarding by default for all of your connections can slow down your sessions, especially if your X11 client on your computer is misconfigured.  
* Enabling X11 forwarding by default for all of your connections can slow down your sessions, especially if your X11 client on your computer is misconfigured.  
* Similarly, while forwarding your SSH agent is convenient and more secure than typing a password on a remote computer, it still comes with a risk. Should the server to which you are connecting to be compromised, a privileged user (<code>root</code>) could use your agent and connect to another host without your knowledge. That is why we recommend to use agent forwarding <i>only when you need it</i>. We also recommend that if you use this feature, you should combine it with <code>ssh-askpass</code>, so that any use of your SSH agent triggers a prompt on your computer, preventing usage of your agent without your knowledge.  
* Enabling trusted X11 forwarding comes with a risk. Should the server to which you are connecting to be compromised, a privileged user (<code>root</code>) could intercept keyboard activity on your local computer. Use trusted X11 forwarding <i>only when you need it</i>.
* Similarly, while forwarding your SSH agent is convenient and more secure than typing a password on a remote computer, it also comes with a risk. Should the server to which you are connecting to be compromised, a privileged user (<code>root</code>) could use your agent and connect to another host without your knowledge. Use agent forwarding <i>only when you need it</i>. We also recommend that, if you use this feature, you should combine it with <code>ssh-askpass</code> so that any use of your SSH agent triggers a prompt on your computer, preventing usage of your agent without your knowledge.  


<!--T:5-->
<!--T:5-->
[[Category:Connecting]]
[[Category:Connecting]]
</translate>
</translate>
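Review bot: The new trusted X11 forwarding bullet states the risk but, unlike the agent-forwarding bullet that follows it, names no setting and offers no mitigation. The first bullet speaks only of X11 forwarding in general, so a reader cannot tell which option the warning applies to. Name it explicitly (<code>ForwardX11Trusted</code> in the configuration file, <code>ssh -Y</code> on the command line) and mention untrusted forwarding as the alternative when it is sufficient. Both the new bullet and the reworded agent bullet also keep the doubled preposition in "the server to which you are connecting to"; drop one "to".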