Les Mikesell wrote:
Karanbir Singh wrote:
ssh -X <machine to connect to> firefox
you prolly meant -Y :D
Ok well just double checked and tested it here and -X works here. I knew about -Y but thought you only use that if you absolutely have too :)
the reason I would prefer -Y is that its ( well, the man page says anyway ) more secure than -X. Also, these days a lot of admins will disable -X functionality on machines. Have not come across anywhere -Y didnt work ( and the host OS was installed in the last 5 years ).
I am not doubting that -X will mostly work, but perhaps we should be promoting the idea of -Y a bit more.
Coming from a fedora client, you have had to specify -Y for a while for most things to work. But I don't think the man page makes it very clear what the difference is. What's a 'trusted' forwarding mean as opposed to any other kind?
here is ( a badly formated scrape from the man page )
----8<----
X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user’s X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitor-ing.
----8<----
and the -Y option indicates: -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
----8<----
I am not quite sure about the implications of the X11 Security extension controls myself. But, i suppose thats worth some investigation.