Red Hat Bugzilla – Bug 23116
Last modified: 2008-05-01 11:37:59 EDT
The X forwarding in SSH client
line from /etc/ssh/ssh_config
should be set to no.
If the person really wants X the
ssh -X email@example.com
should be used.
If the X forwarding is enabled,
then if the server is compromized
any command can be exeuted on a client using X protocol.
This is a major security problem from my point of view.
It may be not clear written above.
It should read:
If a computer running openssh server is compomized then
any command can be executed on a client computer
(running ssh client) through X protocol if X forwarding is set to "on".
X11 forwarding will suddenly stop working and many users won't know what to do!
Most people want it. If you don't like it turn it off on your box.
This is a configuration issue, and as such, can't be set Right for everybody.
For many users, defaulting to "on" is preferred. Use the "-x" option to ssh or
modify the ssh_config to switch it off when you run ssh.