[CentOS] X11 problem with remote login via SSH

Wed Apr 28 20:45:20 UTC 2010
Paul Heinlein <heinlein at madboa.com>

On Wed, 28 Apr 2010, Les Mikesell wrote:

>> ForwardX11Trusted yes
>
> Does anyone know what trusted actually means in this context?

>From the xauth(1) man page:

     If the trusted option is used, clients that connect using this
     authorization will have full run of the display, as usual.  If
     untrusted is used, clients that connect using this authorization
     will be considered untrusted and prevented from stealing or
     tampering with data belonging to trusted clients. See the SECURITY
     extension specification for full details on the restrictions
     imposed on untrusted clients.  The default is untrusted.

Anecdotally, I've seen the mismatch symptoms most clearly when running 
multipane applications. I *think* the dynamic is that one pane holds 
keyboard/mouse focus, another pane cannot take it.

I haven't seen many folks come to the defense of the X Security 
Extension, so I'm unsure if there's any real risk to enabling 
ForwardX11Trusted anywhere you'd normally ForwardX11 anyway.

The reference document:

   http://refspecs.freestandards.org/X11/security.pdf

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/