Jump to content

ESET OVAs SSH "X11Forwarding" enabled?


BDeep
 Share

Go to solution Solved by MartinK,

Recommended Posts

  • ESET Insiders

Looking at the ESET OVA's sshd_config, x11Forwarding is turned on effectively allowing authenticated users to tunnel traffic through this server using SSH protocol. If the ESET OVA is deployed as a proxy server in a DMZ or internet-facing system, can x11 Forwarding be disabled?

 

I have disabled X11 Forwarding on all ESET OVAs deployed as a proxy and have not noticed any degradation of service but I want to confirm with ESET support that this will not affect performance.

Link to comment
Share on other sites

  • ESET Staff
  • Solution

Looking at the ESET OVA's sshd_config, x11Forwarding is turned on effectively allowing authenticated users to tunnel traffic through this server using SSH protocol. If the ESET OVA is deployed as a proxy server in a DMZ or internet-facing system, can x11 Forwarding be disabled?

 

I have disabled X11 Forwarding on all ESET OVAs deployed as a proxy and have not noticed any degradation of service but I want to confirm with ESET support that this will not affect performance.

 

Hello,

 

I can't recall any reason why would we explicitly enable X11 Forwarding - I guess it is default configuration of sshd package provided by CentOS 6 repositories. Regardless of that, SSH server is provided only for better administration/diagnostic purposes and is not used by any ERA component, therefore you can even completely remove it from appliances.

Link to comment
Share on other sites

  • ESET Insiders

 

Looking at the ESET OVA's sshd_config, x11Forwarding is turned on effectively allowing authenticated users to tunnel traffic through this server using SSH protocol. If the ESET OVA is deployed as a proxy server in a DMZ or internet-facing system, can x11 Forwarding be disabled?

 

I have disabled X11 Forwarding on all ESET OVAs deployed as a proxy and have not noticed any degradation of service but I want to confirm with ESET support that this will not affect performance.

 

Hello,

 

I can't recall any reason why would we explicitly enable X11 Forwarding - I guess it is default configuration of sshd package provided by CentOS 6 repositories. Regardless of that, SSH server is provided only for better administration/diagnostic purposes and is not used by any ERA component, therefore you can even completely remove it from appliances.

 

 

Roger, thanks. We use the SSH server for accessing console logs and other functions (doing non-ESET tasks like installing VMware tools, etc) so it is beneficial to us. I believe that x11 forwarding is enabled by default as well. We'll keep it disabled.

 

I appreciate the quick response.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...