On 06/26/2015 12:16 AM, Alexandru Chiscan wrote:
Do not use that because any user logged on the server can connect to
your X server display and snoop what you are doing, open windows etc.
-Y disables all the X server authentication mechanisms
(http://www.x.org/wiki/Development/Documentation/Security/)
Not authentication, only SECURITY.
Any "root" user can connect to your X11 server, whether you use -X or
-Y, since they can read your .Xauthority file. Users who cannot read
your .Xauthority file cannot connect at all. The difference between
trusted and untrusted is that trusted clients can snoop keyboard events
or window contents. Untrusted clients cannot do that.
However, on Fedora, ForwardX11Trusted is "yes" by default (see
ssh_config), so -X and -Y do the same thing.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
