Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 03 Mar 2004 14:59:51 -0800
From:      "Kevin Oberman" <oberman@es.net>
To:        naddy@mips.inka.de (Christian Weisgerber)
Cc:        freebsd-current@freebsd.org
Subject:   Re: Breakage in X11 over ssh tunnel 
Message-ID:  <20040303225951.6647E5D07@ptavv.es.net>
In-Reply-To: Your message of "Wed, 03 Mar 2004 02:46:33 GMT." <c23gu9$1fm4$1@kemoauc.mips.inka.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
> From: naddy@mips.inka.de (Christian Weisgerber)
> Date: Wed, 3 Mar 2004 02:46:33 +0000 (UTC)
> Sender: owner-freebsd-current@freebsd.org
> 
> Kevin Oberman <oberman@es.net> wrote:
> 
> > In all of my system running current that are newer than 2/26/04 I am
> > unable to run X applications over an SSH tunnel. I get a variety of
> > errors, most pretty non-sensical, when I try. The tunnels are from
> > stable systems to current system from yesterday or today.
> 
> OpenSSH's X11 forwarding now defaults to providing untrusted client
> access, which prevents the X11 clients from performing some operations.
> Alas, many X11 programs (or the toolkits they're based on, e.g GTK1)
> rely on trusted privileges and fail if these aren't available.
> 
> You can enabled trusted X11 forwarding with ssh's -Y switch or the
> ForwardX11Trusted configuration option.  Note that this poses a
> security risk if the host where the X11 client runs is under somebody
> else's control or has been compromised.
> 
> -- 
> Christian "naddy" Weisgerber                          naddy@mips.inka.de

Christian,

Thanks for the pointer, but I can't find any reference to this in either
the documentation or in the source except that it exists in the ssh.1
file only as an entry in a list of options that may be specified. -Y is
not listed at all. I'd love to find out exactly what this does!
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040303225951.6647E5D07>