Bug 23116 - X forwarding
Summary: X forwarding
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2001-01-01 22:41 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC (History)
0 users

Clone Of:
Last Closed: 2001-01-02 10:55:33 UTC

Attachments (Terms of Use)

Description Need Real Name 2001-01-01 22:41:28 UTC
The X forwarding in SSH client

        ForwardX11 yes

line from /etc/ssh/ssh_config

should be set to no.
If the person really wants X the
ssh -X user@host.name
should be used.
If the X forwarding is enabled,
then if the server is compromized
any command can be exeuted on a client using X protocol.

This is a major security problem from my point of view.

Comment 1 Need Real Name 2001-01-01 22:49:51 UTC
It may be not clear written above.
It should read:

If a computer running openssh server is compomized then 
any command can be executed on a client computer
(running ssh client) through X protocol if X forwarding is set to "on".

Comment 2 Gerald Teschl 2001-01-02 10:55:24 UTC
X11 forwarding will suddenly stop working and many users won't know what to do!

Most people want it. If you don't like it turn it off on your box.

Comment 3 Nalin Dahyabhai 2001-01-16 02:29:48 UTC
This is a configuration issue, and as such, can't be set Right for everybody. 
For many users, defaulting to "on" is preferred.  Use the "-x" option to ssh or
modify the ssh_config to switch it off when you run ssh.

Note You need to log in before you can comment on or make changes to this bug.