Bug 23116
| Summary: | X forwarding | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <mal> |
| Component: | openssh | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | Keywords: | FutureFeature |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2001-01-02 10:55:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
It may be not clear written above. It should read: If a computer running openssh server is compomized then any command can be executed on a client computer (running ssh client) through X protocol if X forwarding is set to "on". X11 forwarding will suddenly stop working and many users won't know what to do! Most people want it. If you don't like it turn it off on your box. This is a configuration issue, and as such, can't be set Right for everybody. For many users, defaulting to "on" is preferred. Use the "-x" option to ssh or modify the ssh_config to switch it off when you run ssh. |
The X forwarding in SSH client ForwardX11 yes line from /etc/ssh/ssh_config should be set to no. If the person really wants X the ssh -X user should be used. If the X forwarding is enabled, then if the server is compromized any command can be exeuted on a client using X protocol. This is a major security problem from my point of view.