Bug 23116 - X forwarding
Summary: X forwarding
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-01-01 22:41 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-01-02 10:55:33 UTC
Embargoed:

Attachments (Terms of Use)

Description Need Real Name 2001-01-01 22:41:28 UTC 
The X forwarding in SSH client

        ForwardX11 yes

line from /etc/ssh/ssh_config

should be set to no.
If the person really wants X the
ssh -X user
should be used.
If the X forwarding is enabled,
then if the server is compromized
any command can be exeuted on a client using X protocol.

This is a major security problem from my point of view.
Comment 1 Need Real Name 2001-01-01 22:49:51 UTC 
It may be not clear written above.
It should read:

If a computer running openssh server is compomized then 
any command can be executed on a client computer
(running ssh client) through X protocol if X forwarding is set to "on".
Comment 2 Gerald Teschl 2001-01-02 10:55:24 UTC 
X11 forwarding will suddenly stop working and many users won't know what to do!

Most people want it. If you don't like it turn it off on your box.
Comment 3 Nalin Dahyabhai 2001-01-16 02:29:48 UTC 
This is a configuration issue, and as such, can't be set Right for everybody. 
For many users, defaulting to "on" is preferred.  Use the "-x" option to ssh or
modify the ssh_config to switch it off when you run ssh.
Note You need to log in before you can comment on or make changes to this bug.