On Mon, 6 Jul 2015, Liam O'Toole wrote:
On 2015-07-05, Gordon Messmer > gordon.messmer@gmail.com wrote:
On 07/05/2015 04:51 AM, Liam O'Toole wrote:
At this point, I don't think it's even possible to set ForwardX11Trusted=no any more. The X SECURITY extension was replaced with "X Access Control Extension" several years ago.
The perceived difference was a general impression on my part, and not measured scientifically. Moreover, it was formed years ago, and on a variety of Linux systems. I concede that it may well be obsolete.
EL6:
ssh -X -o ForwardX11Trusted=no somehost xterm <select some text in the window>
X Error of failed request: BadAccess (attempt to access private resource denied)
ssh -Y -o ForwardX11Trusted=no somehost xterm <select some text in the window>
All well.
ssh -X -o ForwardX11Trusted=yes somehost xterm <select some text in the window>
All well (unsurprising really, seeing as it means the same thing).
-X/-Y/ForwardX11Trusted still do exactly what they've always done, no?
You're trusting the remote host to not misbehave if you use -Y or ForwardX11Trusted=yes since at the very least you're opening up a fairly large information leakage to the remote host. That's fine if you do trust it, but it really isn't if you don't, surely?
jh