Re: X11 forward in F12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 12 May 2010 02:25 PM, birger wrote:
> On Wed, 2010-05-12 at 11:15 -0700, Suvayu Ali wrote:
>> On Wednesday 12 May 2010 08:55 AM, Kevin Fenzi wrote:
>>> On Tue, 11 May 2010 21:42:35 -0700
>>> Suvayu Ali<fatkasuvayu+linux@xxxxxxxxx>   wrote:
>>>
>>>> I think the man page for ssh is a little misleading (mis-worded
>>>> maybe?). I posted the relevant section from `man 5 ssh_config' in
>>>> another message to this thread. That seems to imply otherwise.
>>>>
>>>> I'm not at all well versed in anything X, given the above mentioned
>>>> doc would you still think its better to use -X over -Y?
>>>
>>> Yes.
>>>
>>> Only use -Y if -X doesn't work, or you are in a isolated/trusted env
>>> where you know no one else will ever have access to the machine you are
>>> connecting to. ;)
>>>
>>> At least that would be my advice.
>>>
>>
>> Okay, thanks for the response. :) I'll see whether this affects my use
>> case for ssh (usually its some remote server with _no_ physical access
>> to anyone).
>
> I would like to clarify one thing. This isn't about physical access. If
> you use -Y then no access controls apply. That is, X apps do not have to
> identify themselves to the server using a secret from your .Xauthority
> file. Anyone logged into the remote system can set DISPLAY to point to
> your socket and listen in to everything going on in your X server. They
> can mirror windows to their own screen, grab all keyboard input, etc...
>
> If you cannot get -X to work it may be as simple as the xauth command
> not being installed at the remote end. sshd needs to run xauth to push
> the authentication secret into the .Xauthority file.
>
> When ssh'ing between systems with a common home directory the file is
> there already, so a missing xauth may not really matter.
>

Thank you for this very clear explanation. This wasn't clear to me from 
the documentation (my lack of understanding of X definitely shows :-p). 
I'll start changing all my `ssh -Y' aliases to `ssh -X'.

-- 
Suvayu

Open source is the future. It sets us free.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux