Michael Hennebry wrote:
Perhaps a -Y flag is required.
I'm not sure what "trusted X11 forwarding" means.
You can learn a little about trusted vs. untrusted clients by reading
the vulnerability paper that propted the SSH change:
http://www.giac.com/practical/GCIH/Holger_Van_Lengerich_GCIH.pdf
Basically, an untrusted client isn't able to change certain properties
of the root window, it's not able to grab keyboard and mouse focus, it's
not able to request certain information from trusted clients, etc.
Without the security restrictions, a hostile X11 client could capture
all of your keystrokes while it was running, for instance.