[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ssh "-Y" option

From: Chris Danis <>
To: cslug-l <>
Subject: Re: ssh "-Y" option
Date: Fri, 11 Nov 2005 12:20:49 -0500

On 11/11/05, Rick Cochran <> wrote:
> What are the implications of using the "-Y" option of ssh?

According to the ssh manpage, the option is equivalent to the
ssh_config ForwardX11Trusted option, which is described as follows:

---
If this option is set to "yes" then remote X11 clients will have
full access to the original X11 display.

If this option is set to "no" then remote X11 clients will be
considered untrusted and prevented from stealing or tampering with
data belonging to trusted X11 clients.  Furthermore, the xauth(1)
token used for the session will be set to expire after 20 minutes.
Remote clients will be refused access after this time.

The default is "yes" (Debian-specific).

See the X11 SECURITY extension specification for full details on the
restrictions imposed on untrusted clients.
---

You can find more details on the security extension by Googling for
x11 security extension.

-chris

Follow-Ups:
- Re: ssh "-Y" option
  - From: Rick Cochran <>

References:
- ssh "-Y" option
  - From: Rick Cochran <>

Prev by Date: ssh "-Y" option
Next by Date: Re: ssh "-Y" option
Previous by thread: ssh "-Y" option
Next by thread: Re: ssh "-Y" option
Index(es):
- Date
- Thread