[CentOS] An odd X question

Fri Jun 26 17:04:28 UTC 2015
Gordon Messmer <gordon.messmer at gmail.com>

On 06/26/2015 12:16 AM, Alexandru Chiscan wrote:
> Do not use that because any user logged on the server can connect to 
> your X server display and snoop what you are doing, open windows etc.
> -Y disables all the X server authentication mechanisms 
> (http://www.x.org/wiki/Development/Documentation/Security/)

Not authentication, only SECURITY.

Any "root" user can connect to your X11 server, whether you use -X or 
-Y, since they can read your .Xauthority file.  Users who cannot read 
your .Xauthority file cannot connect at all.  The difference between 
trusted and untrusted is that trusted clients can snoop keyboard events 
or window contents.  Untrusted clients cannot do that.

However, on Fedora, ForwardX11Trusted is "yes" by default (see 
ssh_config), so -X and -Y do the same thing.