Hello Stuart,
On 06/25/2015 11:51 PM, Stuart Barkley wrote:
Do not use that because any user logged on the server can connect to your X server display and snoop what you are doing, open windows etc.For (ssh based) X forwarding no X server needs to run on the server. I usually install the xorg-x11-xauth (necessary) and xterm (optional) rpms on all my servers in case X forwarding becomes necessary.Then from your desktop (assuming Linux already running X) in a local xterm do something like: ssh -Y remote-system
-Y disables all the X server authentication mechanisms (http://www.x.org/wiki/Development/Documentation/Security/)
I have been using ssh X forwarding for current work use (local betwork) for more than 15 years and never got into this kind of problem from RH 7 to Centos 7, AIX and Solaris.Note about -X versus -Y with ssh: -X enables basic X forwarding, It disables some X functionality making it "safer" to allow. -X also stops working after about 20 minutes (this is by design but not well documented). I only recently learned why it would stop working after pulling out the last of my hair.
Maybe it is some other issue that is closing your ssh connection (maybe you should use the KeepAlive options on the ssh server/client); just guessing.
-Y allows the full X protocol which might be a security risk. Some applications will only work with -Y. With this, remote X applications can grab keyboard interactions, grab passwords, put windows on top of other windows (obscuring security messages), etc. For my own choice I use -Y (although I only enable it occasionally to specific systems).
It is a security risk as I said above any user logged on the server can connect to your display X server without you knowing.
Lec _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
