X11 forward in F12

[birger]

On Wed, 2010-05-12 at 11:15 -0700, Suvayu Ali wrote:
> On Wednesday 12 May 2010 08:55 AM, Kevin Fenzi wrote:
> > On Tue, 11 May 2010 21:42:35 -0700
> > Suvayu Ali<fatkasuvayu+linux at gmail.com>  wrote:
> >
> >> I think the man page for ssh is a little misleading (mis-worded
> >> maybe?). I posted the relevant section from `man 5 ssh_config' in
> >> another message to this thread. That seems to imply otherwise.
> >>
> >> I'm not at all well versed in anything X, given the above mentioned
> >> doc would you still think its better to use -X over -Y?
> >
> > Yes.
> >
> > Only use -Y if -X doesn't work, or you are in a isolated/trusted env
> > where you know no one else will ever have access to the machine you are
> > connecting to. ;)
> >
> > At least that would be my advice.
> >
> 
> Okay, thanks for the response. :) I'll see whether this affects my use 
> case for ssh (usually its some remote server with _no_ physical access 
> to anyone).

I would like to clarify one thing. This isn't about physical access. If
you use -Y then no access controls apply. That is, X apps do not have to
identify themselves to the server using a secret from your .Xauthority
file. Anyone logged into the remote system can set DISPLAY to point to
your socket and listen in to everything going on in your X server. They
can mirror windows to their own screen, grab all keyboard input, etc...

If you cannot get -X to work it may be as simple as the xauth command
not being installed at the remote end. sshd needs to run xauth to push
the authentication secret into the .Xauthority file.

When ssh'ing between systems with a common home directory the file is
there already, so a missing xauth may not really matter.

-- 
birger