Re: Remote X display access

On Sun, 2011-01-02 at 13:53 -0500, Alex wrote:
> Hi,
> 
> >> What is the best way to securely permit a remote X application to
> >> display on a local system?
> ...
> 
> > Here's what I do:
> > local machine: ssh -YC username@xxxxxxxxxxxxxxxxx
> 
> I tried "ssh -X user@host" and that appeared to work fine. What is the
> difference between these two commands? Will I be able to perform all
> functions remotely using my method, or is the -Y preferred?
> 
> Thanks for everyone's help. xhost with X11R5 is what I recalled using :-)

-C is compression (recommended)
-X is untrusted X forwarding
-Y is trusted X forwarding

TBH, there's rarely a difference between -X and -Y at this point, though
-Y should in theory permit some things that -X doesn't (and therefore -X
could be more secure). See the SECURITY extension for X for details
(short version: there are two different levels of authorization
available via MIT Cookies; using an untrusted cookie should help
mitigate risks such as the remote system snooping your activity,
injecting events into other windows, or taking a screenshot/screencast).

Note that you can place a command at the end of the ssh command:

	ssh -XC user@host system-config-config-services

And then you can put that in an application launcher if you want. Using
key-based access, you could then just click an icon/menu entry/panel
button to run the app remotely.

-Chris
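
Added example, not part of the original message: a shell check of which X11 forwarding mode a host's effective client configuration selects, since ForwardX11Trusted yes in ssh_config makes -X behave like -Y. It assumes an OpenSSH client that supports `ssh -G`; the sample input is constructed and the host aliases passed to audit_hosts are hypothetical.

```shell
#!/bin/sh
# Classify X11 forwarding from `ssh -G <host>` style output read on stdin.
# Prints one of:
#   off        no X11 forwarding
#   untrusted  ForwardX11 only (what -X asks for): SECURITY-extension cookie
#   trusted    ForwardX11 + ForwardX11Trusted (what -Y asks for): full access
x11_forward_mode() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "forwardx11"        { fwd = val }
        key == "forwardx11trusted" { trusted = val }
        END {
            if (fwd != "yes")          print "off"
            else if (trusted == "yes") print "trusted"
            else                       print "untrusted"
        }'
}

# Report the effective mode for each host alias given as an argument.
# Runs the local ssh client in config-dump mode only; no connection is made.
audit_hosts() {
    for host in "$@"; do
        mode=$(ssh -G "$host" 2>/dev/null | x11_forward_mode)
        printf '%s\t%s\n' "$host" "$mode"
    done
}

# Constructed sample: forwarding requested, but the configuration also
# sets ForwardX11Trusted, so the session gets a trusted cookie.
sample_config='compression yes
forwardx11 yes
forwardx11trusted yes'

printf '%s\n' "$sample_config" | x11_forward_mode
```

Running `audit_hosts alias1 alias2` lists each alias with its mode; any alias reported as trusted gives the remote side full access to the local display.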
