SSL X11 Forwarding

Jimmy · Mar 7, 2019

Was reading an article here: SecurityTrails | Mitigating SSH based attacks – Top 15 Best SSH Security Practices

Maybe X11Forwarding should be set to NO in sshd_config?

12. Disable X11 forwarding
If you are running a remote server, having X11 (graphics server) forwarding capabilities doesn't have too much sense, as you will always stay stick to your black and white remote terminal.

In order to disable X11 forwarding, follow this steps:

nano -w /etc/ssh/sshd_config

Look for this variable:

X11Forwarding yes

Change it to be:

X11Forwarding no

Disabling the X11 protocol will help you to prevent a few types of attacks, as it was never built with security in mind, and it can be used by malicious attackers to open up a channel to the client and send remote commands that may end up really bad.
Click to expand...

eva2000 · Mar 7, 2019

Yes that is something to think about unless users have a use for it ???

eva2000 · Mar 11, 2019

FYI, updated 123.09beta01 so fresh installs do set X11Forwarding no Beta Branch - update sshdtweaks function set X11Forwarding in 123.09beta01

Jimmy · Mar 11, 2019

That's one more small step toward CMM world domination!

Log in / Register

Forums

Join the community today

SSL X11 Forwarding

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

.

Log in / Register

Useful Searches

Join the community today

SSL X11 Forwarding

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

.