On 13 Mar 2007 00:41:45 +0100, Thomas Hafner wrote:
Hello,
having an option like
ControlPath ~/.ssh/control/[EMAIL PROTECTED]:%p
is probably not a good idea, if the user's home directory is shared by
different machines (name collision for similiar outgoing SSH
connections). Something like that
It can also be set per socket with setsockopt(2).
How to do something similar in an ssh subsystem, I'm afraid I don't know
Regards
Mark
On 1/15/07, olaf weiser wrote:
Hallo to all,
so far I know, this is a system wide parameter You could set this
per interface or for all
You're quite right. Netcat is included in most unices (to get full
bidirectional port forwarding, you would actually need two shell
commands a pipeline). Socat is quite a bit more versatile, and
would do the forward in a single command. I think it's available by
default in some unices, and
I have a feeling that might not be very robust if you're allowing sftp
or scp to anywhere a user normally has access to - a user could then
download their own authorized_keys file, edit it to give themselves
shell access, and then upload it.
Another option might be to use the Match option in
On 8/29/06, Christ, Bryan wrote:
All,
Please pardon my naivete.
I was looking at the diagram on the URL listed below and contemplating
how host fingerprinting prevents MITM attacks.
http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html
So my question is this... Given the
No, don't use xhost +
The entire point of using ssh for X11 forwarding is that the ssh
connection comes from a local process - you don't have to accept
outside X11 connections.
xhost + is used specifically for accepting X11 connections that
_don't_ come from a local process (e.g not over your