Configuring other miscellaneous security settings
Our SSH configuration is a lot more secure than it used to be, but we can still make it better. Here are a few little tricks that you might not have seen elsewhere.
Disabling X11 forwarding
When you SSH into a server in the normal manner, as we’ve been doing, you can only run text-mode programs. If you try to remotely run any GUI-based program, such as Firefox, you’ll get an error message. But, when you open the sshd_config file of pretty much any Linux distro, you’ll see this line:
X11Forwarding yes
This means that with the right option switch, you can remotely run GUI-based programs. Assuming that you’re logging into a machine that has a graphical desktop environment installed, you can use either the -Y or the -X option when logging in, like so:
ssh -X [email protected]
or
ssh -Y [email protected]
The problem here is that the X11 protocol, which powers graphical desktop...
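To check whether a given sshd_config still leaves X11 forwarding on, the following audit script can help. It is an added example, not code from the original text. It assumes that Include directives are not followed and that values are unquoted; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the X11Forwarding keyword.
# Assumptions: Include directives are not followed; values are unquoted.

# Print the global X11Forwarding value ("yes", "no", ...) or "unset".
# sshd uses the first value it obtains for a keyword, so stop at the first hit.
x11_global_setting() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        /^[ \t]*$/ { next }                  # skip blank lines
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }              # the global section ends at the first Match
        key == "x11forwarding" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print each Match line whose block turns X11 forwarding back on.
x11_match_overrides() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { block = $0; seen = 0; next }
        block != "" && key == "x11forwarding" && !seen {
            seen = 1                         # first value inside the block wins
            if (tolower(f[2]) == "yes") print block
        }
    ' "$1"
}

# Succeed only if forwarding is explicitly "no" globally and no Match block
# re-enables it (a strict audit choice: an unset keyword counts as a failure).
x11_forwarding_disabled() {
    [ "$(x11_global_setting "$1")" = "no" ] && [ -z "$(x11_match_overrides "$1")" ]
}

# Constructed sample config: global "no", but one Match block re-enables it.
sample=$(mktemp)
printf '%s\n' 'X11Forwarding no' 'Match User alice' '    X11Forwarding yes' > "$sample"
echo "global: $(x11_global_setting "$sample")"
echo "re-enabled in: $(x11_match_overrides "$sample")"
rm -f "$sample"
```

On a live host, running sshd -T as root prints the effective configuration, including the x11forwarding value, and is the authoritative check.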