Bug 23116 - X forwarding
X forwarding
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2001-01-01 17:41 EST by Need Real Name
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-01-02 05:55:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-01-01 17:41:28 EST
The X forwarding in SSH client

        ForwardX11 yes

line from /etc/ssh/ssh_config

should be set to no.
If the person really wants X the
ssh -X user@host.name
should be used.
If the X forwarding is enabled,
then if the server is compromized
any command can be exeuted on a client using X protocol.

This is a major security problem from my point of view.
Comment 1 Need Real Name 2001-01-01 17:49:51 EST
It may be not clear written above.
It should read:

If a computer running openssh server is compomized then 
any command can be executed on a client computer
(running ssh client) through X protocol if X forwarding is set to "on".
Comment 2 Gerald Teschl 2001-01-02 05:55:24 EST
X11 forwarding will suddenly stop working and many users won't know what to do!

Most people want it. If you don't like it turn it off on your box.
Comment 3 Nalin Dahyabhai 2001-01-15 21:29:48 EST
This is a configuration issue, and as such, can't be set Right for everybody. 
For many users, defaulting to "on" is preferred.  Use the "-x" option to ssh or
modify the ssh_config to switch it off when you run ssh.

Note You need to log in before you can comment on or make changes to this bug.