Tuesday, November 22, 2011

Linux - ssh -X

To launch graphical programs from a ssh session, the -X flag must be specified.

from man ssh
-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions
on the remote host (for the user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able to perform activities such as key-
stroke monitoring.

For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default.
Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more
information.

I need to investigate the implications of those security warnings. It would be fantastic to implement that keystroke monitoring program.

No comments:

Post a Comment