Biznas
»
Security
»
Security
»
mitigating the security risk of ssh X forwarding
Rank: Newbie
Groups: Registered
Joined: 6/16/2018(UTC) Posts: 8 Location: USA
|
Hello, In ssh connections, generally I'd been thinking about the security of the server rather than the client, i.e. can the server trust the client with the exposed functionality and data. But I realized the other day that security in the other direction must also be considered. For example, forwarding X11 is totally not safe to do if you can't totally vouch for the integrity of the server, because you're giving that server ALL your input, whether it's related to a program you're running from the server or to one locally. You can't even switch to another terminal window and put in your password without it being possible for the server to keylog the whole thing. Even if you're not using multiple windows, if your screen locker activates and you have to put in your password, the server can keylog that also. So my question is this: Is it possible to forward X in a way that doesn't expose the client to this vulnerability? Any alternative programs/technologies that would achieve the same purposes without exposing the client this way? Please help I didn't find the right solution from the internet. References: https://arstechnica.com/...c.php?f=16&t=1324333Whiteboard Video Production CompanyThank you
|
|
|
|
Biznas
»
Security
»
Security
»
mitigating the security risk of ssh X forwarding
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.