[CentOS] An odd X question
Gordon Messmer
gordon.messmer at gmail.com
Fri Jun 26 17:04:28 UTC 2015
On 06/26/2015 12:16 AM, Alexandru Chiscan wrote:
> Do not use that because any user logged on the server can connect to
> your X server display and snoop what you are doing, open windows etc.
>
> -Y disables all the X server authentication mechanisms
> (http://www.x.org/wiki/Development/Documentation/Security/)
Not authentication, only SECURITY.
Any "root" user can connect to your X11 server, whether you use -X or
-Y, since they can read your .Xauthority file. Users who cannot read
your .Xauthority file cannot connect at all. The difference between
trusted and untrusted is that trusted clients can snoop keyboard events
or window contents. Untrusted clients cannot do that.
However, on Fedora, ForwardX11Trusted is "yes" by default (see
ssh_config), so -X and -Y do the same thing.
More information about the CentOS
mailing list