x2x

Tom Buskey tbuskey at gmail.com
Thu Apr 21 14:20:01 EDT 2005 

-Y is in OpenSSH_4.0p1:

    -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not
             subjected to the X11 SECURITY extension controls.

as opposed to:
    -X      Enables X11 forwarding.  This can also be specified on a per-
             host basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             user's X authorization database) can access the local X11 dis-
             play through the forwarded connection.  An attacker may then be
             able to perform activities such as keystroke monitoring.

             For this reason, X11 forwarding is subjected to X11 SECURITY
             extension restrictions by default.  Please refer to the ssh -Y
             option and the ForwardX11Trusted directive in ssh_config(5) for
             more information.


I'd imagine -X would work as well, but with less security



On 4/21/05, Derek Martin <invalid at pizzashack.org> wrote:
> On Thu, Apr 21, 2005 at 01:19:18PM -0400, Matt Brodeur wrote:
> > On Thu, Apr 21, 2005 at 12:41:59PM -0400, Derek Martin wrote:
> > > I'm surrounded by systems.  Having multiple displays is cool, but
> > > having to use multiple keyboards and mouses to access them is not.  I
> > > want to use x2x to solve the problem, but I have some concerns about
> > > typing passwords and such over unencrypted X session.  Anyone know how
> > > to run x2x under ssh and make it work properly?  My attempts so far
> > > seem to have been futile...
> >
> >    It's been a few months since I've done this, but something like:
> >
> > remote.host$ ssh -Y control.host
> >
> > control.host$ x2x -east -to localhost:10
> 
> This is what I tried first, sans the -Y option.  No love.  Tried with
> the -Y option.  It doesn't exist.  Is it new?  I'm on FC2 running
> openssh-3.6.1p2.  The machines at work are ancient, running RH7.3...
> 
> Actually I tried it in the other direction as well, but that also
> didn't work.
> 
> I also tried searching, and found nothing.  The search you offered
> turned up nothing useful... only package repository entries.
> 
> --
> Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address.  Replying to it will result in
> undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
> 
> 
>

More information about the gnhlug-discuss mailing list