[ this entry will be updated as I think of more stuff to add ]

ssh & X forwarding

For a while I was having issues with ssh X forwarding to my vserver. Finally found the problem. The problem is actually with X authentication against localhost, and setting localhost to the IP address of the machine in /etc/hosts solved that.

Also someone recommended putting "X11UseLocalhost no" in /etc/ssh/sshd_config.




raw access to block devices

vservers don't have the capabilities to create device nodes. However, if you leave nodes in /dev accessible, they will be available to the root user in the vserver for unlimited access.

To protect the system from cross-vserver contamination, you should nuke all block devices:

        find /vservers/*/dev -type b -print0 | xargs -0 --max-args=100 rm -f

Now if anyone breaks into one vserver they will not be able to dd all over your disks.
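
A dry-run audit to go with the cleanup above, as an added example (not the original author's command): it lists any block device nodes still present under each vserver's /dev, shows which host device each one maps to, and returns non-zero if any remain. It assumes GNU find and stat and the /vservers/*/dev layout used on this page; the function name is made up for this example.

```sh
#!/bin/sh
# Added example: audit block device nodes left inside vserver /dev trees.
# Usage: audit_block_nodes [ROOT]    (ROOT defaults to /vservers)
# Returns 0 if no block device nodes are found, 1 otherwise.

audit_block_nodes() {
    root=${1:-/vservers}
    found=0
    for dev in "$root"/*/dev; do
        # Skip an unmatched glob or a vserver without a /dev directory
        [ -d "$dev" ] || continue
        # Count NUL terminators so odd file names (spaces, newlines)
        # cannot skew the count. -type b does not follow symlinks.
        n=$(find "$dev" -type b -print0 | tr -dc '\000' | wc -c)
        [ "$n" -gt 0 ] || continue
        found=$((found + n))
        echo "$dev: $n block device node(s)"
        # %t:%T is the node's major:minor in hex (GNU stat), i.e. the
        # host device it gives raw access to; %n is the path.
        find "$dev" -type b -exec stat -c '  %t:%T  %n' {} +
    done
    echo "total: $found"
    [ "$found" -eq 0 ]
}
```

Run it before the rm to see what will be removed, and again afterwards (or from cron) to confirm that nothing has put the nodes back.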