Here is info from the
OpenSSH man page on ssh:
Quote:
|
Originally Posted by OpenSSH manpage -X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.
X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY ex-
tension restrictions by default. Please refer to the ssh -Y op-
tion and the ForwardX11Trusted directive in ssh_config(5) for
more information.
-x Disables X11 forwarding. -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
subjected to the X11 SECURITY extension controls. |
I wasn't aware of the "-Y" option, until I found this thread. I hope all who use it are aware of the security implications of using it.
Peace...