BDeep (ESET Insiders), posted December 23, 2015

Looking at the ESET OVA's sshd_config, X11Forwarding is turned on, effectively allowing authenticated users to tunnel traffic through this server using SSH protocol. If the ESET OVA is deployed as a proxy server in a DMZ or internet-facing system, can X11 Forwarding be disabled? I have disabled X11 Forwarding on all ESET OVAs deployed as a proxy and have not noticed any degradation of service, but I want to confirm with ESET support that this will not affect performance.

MartinK (ESET Staff), posted December 23, 2015 (marked as solution)

> Looking at the ESET OVA's sshd_config, X11Forwarding is turned on, effectively allowing authenticated users to tunnel traffic through this server using SSH protocol. If the ESET OVA is deployed as a proxy server in a DMZ or internet-facing system, can X11 Forwarding be disabled? I have disabled X11 Forwarding on all ESET OVAs deployed as a proxy and have not noticed any degradation of service, but I want to confirm with ESET support that this will not affect performance.

Hello,

I can't recall any reason why we would explicitly enable X11 Forwarding - I guess it is the default configuration of the sshd package provided by the CentOS 6 repositories. Regardless of that, the SSH server is provided only for better administration/diagnostic purposes and is not used by any ERA component, therefore you can even completely remove it from appliances.

BDeep (ESET Insiders, thread author), posted December 23, 2015

> Looking at the ESET OVA's sshd_config, X11Forwarding is turned on, effectively allowing authenticated users to tunnel traffic through this server using SSH protocol. If the ESET OVA is deployed as a proxy server in a DMZ or internet-facing system, can X11 Forwarding be disabled? I have disabled X11 Forwarding on all ESET OVAs deployed as a proxy and have not noticed any degradation of service, but I want to confirm with ESET support that this will not affect performance.

> Hello,
>
> I can't recall any reason why we would explicitly enable X11 Forwarding - I guess it is the default configuration of the sshd package provided by the CentOS 6 repositories. Regardless of that, the SSH server is provided only for better administration/diagnostic purposes and is not used by any ERA component, therefore you can even completely remove it from appliances.

Roger, thanks. We use the SSH server for accessing console logs and other functions (doing non-ESET tasks like installing VMware tools, etc.) so it is beneficial to us. I believe that X11 forwarding is enabled by default as well. We'll keep it disabled. I appreciate the quick response.
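
Added example, not part of the thread and not ESET's tooling: a shell check that reports how an sshd_config file sets X11Forwarding, so the change discussed above can be verified on each appliance. The function name `sshd_option_report` and the sample configuration are constructed for illustration; the parsing follows sshd's rules that keywords are case-insensitive, that the first global occurrence is the one used, and that a Match block can override the global value.

```shell
#!/bin/sh
# Added example (hypothetical helper, not ESET code). Output lines:
#   global <value>        first occurrence before any Match block (the one sshd uses)
#   global unset          keyword absent, so the built-in default of sshd applies
#   match:<line> <value>  occurrence inside a Match block, which can override global
sshd_option_report() {
    # $1 = keyword, e.g. X11Forwarding    $2 = path to an sshd_config file
    awk -v key="$1" '
        BEGIN { key = tolower(key); in_match = 0; seen = 0 }
        { sub(/^[ \t]+/, "") }              # drop indentation
        /^#/ || /^$/ { next }               # skip comments and blank lines
        {
            split($0, f, /[ \t=]+/)         # keyword and value split on blanks or "="
            kw = tolower(f[1])              # keywords are case-insensitive
            if (kw == "match") { in_match = 1; next }
            if (kw != key) next
            if (in_match) print "match:" NR, tolower(f[2])
            else if (!seen) { print "global", tolower(f[2]); seen = 1 }
        }
        END { if (!seen) print "global unset" }
    ' "$2"
}

# Constructed sample configuration (not the appliance's real file).
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
#X11Forwarding no
x11forwarding yes
X11Forwarding no
Match User diag
    X11Forwarding yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
sshd_option_report X11Forwarding "$tmp"
rm -f "$tmp"
```

On a live host, `sshd -T` run as root prints the effective configuration that the daemon would use, which is the authoritative check after editing the file and reloading sshd.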