zlacker

1. rst+(OP) 2011-04-24 01:44:01
So, trying again... here are the caveats on -X, from the man page on the current version[1]:

     -X      Enables X11 forwarding.  This can also be specified on a per-host
             basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             user's X authorization database) can access the local X11 display
             through the forwarded connection.  An attacker may then be able
             to perform activities such as keystroke monitoring.
So, it's not documented as being proof against hostile parties with root at the remote end; in fact, it's documented as being vulnerable...

[1] http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion...

2. teduna+r2 2011-04-24 03:53:22
>>rst+(OP)
That's why the next paragraph exists.

    For this reason, X11 forwarding is subjected to X11
    SECURITY extension restrictions by default.  Please
    refer to the ssh -Y option and the ForwardX11Trusted
    directive in ssh_config(5) for more information.
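
To see which of the two modes discussed in this thread a client will actually use for a given host, the effective options can be read from `ssh -G`, which evaluates the configuration without connecting. This is an added example, not part of the thread or of OpenSSH; the function names, the posture labels and the sample lines are constructed for illustration.

```shell
# Added example: classify the X11 forwarding posture of an ssh client config.
# x11_posture reads `ssh -G`-style "key value" lines on stdin and prints:
#   off        ForwardX11 is not enabled
#   untrusted  ForwardX11 yes, ForwardX11Trusted no  (X11 SECURITY extension
#              restrictions apply to the forwarded clients)
#   trusted    ForwardX11 yes, ForwardX11Trusted yes (no such restrictions)
#   unknown    ForwardX11 yes but no ForwardX11Trusted line was seen
x11_posture() {
    awk '
        $1 == "forwardx11"        { fwd = tolower($2) }
        $1 == "forwardx11trusted" { trusted = tolower($2) }
        END {
            if (fwd != "yes")          print "off"
            else if (trusted == "yes") print "trusted"
            else if (trusted == "no")  print "untrusted"
            else                       print "unknown"
        }'
}

# Hypothetical helper: evaluate the real client configuration for a host.
# Arguments are passed straight to ssh, e.g.: x11_posture_for build-host
x11_posture_for() {
    ssh -G "$@" | x11_posture
}

# Constructed samples in the shape of `ssh -G` output (not from a real host).
SAMPLE_UNTRUSTED='user alice
hostname build.example.test
forwardx11 yes
forwardx11trusted no'

SAMPLE_TRUSTED='user alice
hostname build.example.test
forwardx11 yes
forwardx11trusted yes'

SAMPLE_OFF='user alice
hostname build.example.test
forwardx11 no
forwardx11trusted no'

for sample in "$SAMPLE_UNTRUSTED" "$SAMPLE_TRUSTED" "$SAMPLE_OFF"; do
    printf '%s\n' "$sample" | x11_posture
done
```

Hosts that report `trusted` are the ones where the keystroke-monitoring caveat quoted above applies without the SECURITY extension restrictions.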