On Wed, 2010-05-12 at 11:15 -0700, Suvayu Ali wrote: > On Wednesday 12 May 2010 08:55 AM, Kevin Fenzi wrote: > > On Tue, 11 May 2010 21:42:35 -0700 > > Suvayu Ali<fatkasuvayu+linux@xxxxxxxxx> wrote: > > > >> I think the man page for ssh is a little misleading (mis-worded > >> maybe?). I posted the relevant section from `man 5 ssh_config' in > >> another message to this thread. That seems to imply otherwise. > >> > >> I'm not at all well versed in anything X, given the above mentioned > >> doc would you still think its better to use -X over -Y? > > > > Yes. > > > > Only use -Y if -X doesn't work, or you are in a isolated/trusted env > > where you know no one else will ever have access to the machine you are > > connecting to. ;) > > > > At least that would be my advice. > > > > Okay, thanks for the response. :) I'll see whether this affects my use > case for ssh (usually its some remote server with _no_ physical access > to anyone). I would like to clarify one thing. This isn't about physical access. If you use -Y then no access controls apply. That is, X apps do not have to identify themselves to the server using a secret from your .Xauthority file. Anyone logged into the remote system can set DISPLAY to point to your socket and listen in to everything going on in your X server. They can mirror windows to their own screen, grab all keyboard input, etc... If you cannot get -X to work it may be as simple as the xauth command not being installed at the remote end. sshd needs to run xauth to push the authentication secret into the .Xauthority file. When ssh'ing between systems with a common home directory the file is there already, so a missing xauth may not really matter. -- birger -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines