der.hans wrote:
|>
|>On by default? As in "X11Forwarding yes" in /etc/sshd_config?
|>
|>I've found that if you leave it set to no that you can still do X11
|>forwarding if the server has xauth installed and you pass the -X option
|>to ssh. What's the reasoning for turning it on by default? O.o
|
| It does? Hmm, gonna have to try that again. Last I tried, a couple of
| months ago, I needed to turn on X11Forwarding at the server in order to get
| X forwarding over ssh.

My mistake. I must have checked the setting and not reloaded sshd or
something, because now it behaves exactly as you describe. =op The man
pages describing the option, however, are a slight bit misleading on the
topic -- they seem to imply that it can still be possible to do.

| I think most people deny based on IPs that have been allocated to .cn. I
| want to put in rules like this, so I'll be figuring it out soon, just not
| quite yet :).

I figured a line in hosts.deny to block based on reverse DNS mappings
would be a simple, quick solution, and probably a bit easier than figuring
out whole blocks of IPs allocated to China.

| Putting the rules in hosts.deny is probably good, but I will likely put
| them in the firewall rules. Maybe I'll finally write some 'mess with the
| attackers' rules. You know, things that port forward to random services,
| then either kill all future packets from the offending IP or port forward
| to other services. I guess I really need a daemon that'll pretend to be
| various things. It'd be fun to claim to be an ftp daemon that's insisting
| on some finger protocol and wanting to use ssh keys ;-).

Who's the daemon, you or the software? It's a devilishly fun idea, and
almost makes me want to set up a honeypot with something like that on my
second IP. Maybe it should be called a gremlin instead... >=o)

| If you do hop on the Net make sure to use your own local computer and
| hopefully one-time passwords.

Bringing my own local box to China doesn't sound like a good idea. Sort of
like leading a hen into a den of foxes.

| Oh and carry knoppix :).

Letting Knoppix do the dirty work and take over someone else's computer,
though, sounds much more appealing. >=o)

-- 
June Tate * http://www.theonelab.com * june@theonelab.com

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss