I wrote a while ago about my security concerns regarding
xhost +
xterm -display mypc:0
Way back then, I suggested ssh tunnel. SSH is pretty easy to set up, by enabling the X11Forwarding option.
In OpenSSH 3.8 release note, 2004, there was a new default .
ssh(1) now uses untrusted cookies for X11-Forwarding
In the man ssh_config page, it’s still documented as being the default
ForwardX11Trusted The default is ‘no’
But it actually isn’t on most *ix derivates, e.g. RedHat /etc/ssh/ssh_config
# If this option is set to yes then
# remote X11 clients will have full access
# to the original X11 display. As virtually
# no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
Who is we?
Okay, let’s go back.
If you use the unsafest method, xhost + and xterm -display pc:0, then you grant everybody the right to manipulate X.
If you use trusted ssh, which is the _undocumented_ default in Linux, then you grant this right only to anyone with access to your authority, most probably located in the file $HOME/.Xauthority. So root and yourself, at least.
If you trust neither yourself nor root, you could restrict access to your resource, preventing one hacker from switching your mouse buttons or doing a screenshot. But this is probably going to prevent most of your applications from working. Also, it probably won’t work at all if you use putty, reflection and (virtually any?) other client tools.
If you want to force Trusted mode, use -Y or -o ForwardX11Trusted=yes.
If you want to force Untrusted mode, use -X and -o ForwardX11Trusted=no.
If you use only -X, it may transparently defaults to the more convenient but less secure -Y. Sometimes. At least on Linux OpenSSH. But if you use different Unix / SSH flavours, the -X may ends with an error message like connection to “localhost:10.0” refused by server. In that case, simply use -Y. Actually, always use -Y if you want Trusted.
“If you use only -X, it may transparently defaults to the more convenient but less secure -Y”
Could you please verify this?
The ssh_config(5) man file states:
DESCRIPTION
ssh(1) obtains configuration data from the following sources in the
following order:
1. command-line options
2. user’s configuration file (~/.ssh/config)
3. system-wide configuration file (/etc/ssh/ssh_config)
For each parameter, the first obtained value will be used.
According to that, the command line parameter should override anything else. -X and -Y should work as documented.
in Linux RedHat, -X does not exist. If you type -X, it will use Trusted Mode
$ ssh -o ForwardX11Trusted=no srv01 xterm
Xlib: connection to "localhost:12.0" refused by server
Xlib: PuTTY X11 proxy: Authorisation not recognised
xterm Xt error: Can't open display: localhost:12.0
$ ssh -X srv01 xterm
$
As you see, if you use -X, it does not force Untrusted on Linux
On AIX, if you use -X, it really does the Trusted=no thing