[vox-tech] xhost+: Why you should NEVER DO THAT
Micah Cowan
micah at cowan.name
Fri Mar 18 09:15:49 PST 2005
Peter Jay Salzman wrote:
>However, it should be pointed out that once someone gets access to your LAN,
>even ssh, sshd and gnupg are all suspects.
>
I disagree. Were this the case, then you could not use ssh or sshd over
the internet; or gnupg while connected to the internet. There's little
difference between them. And in the specific case of using ssh for X
port-forwarding on the very same machine, nothing's going over the wire
anyway.

Now, if someone gets remote access to your /host/, and you don't have
reasonable measures in place, that's another matter. If someone gets
physical access to your host in any way, of course you can't be sure of
anything.

But for instance: if I specifically allow someone access to my home
LAN--say, a neighbor--and do not know him well enough to be sure that he
wouldn't try to sniff passwords or packets, I am still very safe in
using ssh, whether on one computer or between two; provided he doesn't
have inappropriate access to either host.

-Micah