Les Mikesell said: > On Wed, 2005-04-06 at 15:48, William Hooper wrote: > >>>> >>>> http://openssh.org/faq.html#3.13 >>>> >>>> >>> >>> There are probably at least a dozen people somewhere that might >>> understand that paragraph, but I'm not one of them. What's the >>> difference between a trusted and untrusted cookie, and why do I need >>> to care now? (I think this relates to when -X works from the client >>> and when -Y is necessary, but maybe not...). >> >> As "man ssh_config" states "See the X11 SECURITY extension >> specification for full details on the restrictions imposed on untrusted >> clients." This is really an option that SSH passes to xauth. > > Thanks, but you still lost me at 'untrusted'. What makes a client > trusted or not? As it pertains to SSH, 'untrusted' is anything you forward with "ForwardX11Trusted no". > If it's left up to me to decide, why would I run an > untrusted one at all? You don't trust the admin of the server you are SSHing into. -- William Hooper