10.4: Restore X11 forwarding via ssh -Y

May 15, '05 01:04:00AM

Contributed by: Anonymous

Tiger only hintI began encountering errors after installing Tiger when using an X11 forwarding session on my Mac to a remote machine using ssh -X, and then trying to run remote X-apps.

To overcome the errors, I found I now have to use the -Y option instead of the -X option with ssh to start X11 forwarding properly. The -Y option is the same as -X, but is more strict about security. From the man page:

-X      Enables X11 forwarding.  This can also be specified on a per-host
         basis in a configuration file.

         X11 forwarding should be enabled with caution.  Users with the
         ability to bypass file permissions on the remote host (for the
         user's X authorization database) can access the local X11 display
         through the forwarded connection.  An attacker may then be able
         to perform activities such as keystroke monitoring.

-Y      Enables trusted X11 forwarding.
Thus, Tiger seems to be more strict about X11 forwarding than was Panther...

Comments (3)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20050504114932249