Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security
Hi,
Mark Seaborn <mseaborn@cmedresearch.com> writes:
> By default "ssh -X" doesn't use the XSecurity extension on Debian or
> Ubuntu. See "ForwardX11Trusted" on the ssh_config man page. I think
Now, that was an interesting observation! I can see it in the man page
now that I specifically look for it but I am certain I have read it
many times without paying attention to this difference in the past. In
fact, when I asked even the most security-aware debian-using friends
they too did not know that on a fresh debian box the "secure" way to
run X11 programs from university machines requires quite a lot of
typing:
ssh -o'ForwardX11Trusted no' -X remote.example.com
best regards,
Timo Lindfors
Reply to: