Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: Restore X11 forwarding via ssh -Y System 10.4
Tiger only hintI began encountering errors after installing Tiger when using an X11 forwarding session on my Mac to a remote machine using ssh -X, and then trying to run remote X-apps.

To overcome the errors, I found I now have to use the -Y option instead of the -X option with ssh to start X11 forwarding properly. The -Y option is the same as -X, but is more strict about security. From the man page:
-X      Enables X11 forwarding.  This can also be specified on a per-host
         basis in a configuration file.

         X11 forwarding should be enabled with caution.  Users with the
         ability to bypass file permissions on the remote host (for the
         user's X authorization database) can access the local X11 display
         through the forwarded connection.  An attacker may then be able
         to perform activities such as keystroke monitoring.

-Y      Enables trusted X11 forwarding.
Thus, Tiger seems to be more strict about X11 forwarding than was Panther...
    •    
  • Currently 1.50 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (2 votes cast)
 
[14,525 views]  

10.4: Restore X11 forwarding via ssh -Y | 3 comments | Create New Account
Click here to return to the '10.4: Restore X11 forwarding via ssh -Y' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Restore X11 forwarding via ssh -Y
Authored by: ptwithy on May 15, '05 12:55:53PM

-Y simply overrides the new default setting for ForwardX11Trusted. (It was formerly yes and is now no.) So by using -Y you are essentially saying you trust any clients on the remote machine. This was changed in openssh 3.8.



[ Reply to This | # ]
10.4: Restore X11 forwarding via ssh -Y
Authored by: ghinteclinn on May 16, '05 12:31:57PM

This is actually a poorly documented change in OpenSSH 3.8, not something Apple did with the X11 server. I say poorly because the details of the change are burried in the OpenSSH changelog. The change is quite well known to break X11 applications, everywhere, not just on OS X.



[ Reply to This | # ]
Fabulous! It worked!
Authored by: genericuser on Nov 01, '05 10:38:37AM

I was having many troubles with running remote X sessions. This fixed things for me. Thank you!



[ Reply to This | # ]