Re: Remote X display access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2011-01-02 at 13:53 -0500, Alex wrote:
> Hi,
> 
> >> What is the best way to securely permit a remote X application to
> >> display on as local system?
> ...
> 
> > Here's what I do:
> > local machine: ssh -YC [email protected]
> 
> I tried "ssh -X [email protected]" and that appeared to work fine. What is the
> difference between these two commands? Will I be able to perform all
> functions remotely using my method, or is the -Y preferred?
> 
> Thanks for everyone's help. xhost with X11R5 is what I recalled using :-)

-C is compression (recommended)
-X is untrusted X forwarding
-Y is trusted X forwarding

TBH, there's rarely a difference between -X and -Y at this point, though
-Y should in theory permit some things that -X doesn't (and therefore -X
could be more secure). See the SECURITY extension for X for details
(short version: there are two different levels of authorization
available via MIT Cookies; using an untrusted cookie should help
mitigate risks such as the remote system snooping your activity,
injecting events into other windows, or taking a screenshot/screencast).

Note that you can place a command at the end of the ssh command:

	ssh -XC [email protected] system-config-config-services

And then you can put that in an application launcher if you want. Using
key-based access, you could then just click an icon/menu entry/panel
button to run the app remotely.

-Chris

-- 
users mailing list
[email protected]
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux