Correct me if I'm wrong.
Probably the
option is the more secure compared to
Because ssh -X requires two types of authentication: the SSH (password, Kerberos, or public key) and the X11 (xauth, xhost) authentication.
When we use
which is called "trusted" we trust the host and we bypass the X11 auth so we don't need to use the command xhost.
So in my opinion
is the safest; there is only one problem: the latest version of ssh seems to give this problem
I did
and I get these two errors
Code:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Code:
debug2: client_x11_get_proto: xauth command: /usr/bin/xauth -f /tmp/ssh-KYHfkmGN25fa/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1260 2>/dev/null
When I try to run the xauth command directly, it gives me this error
Code:
/usr/bin/xauth -f /tmp/ssh-KYHfkmGN25fa/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1260
/usr/bin/xauth: error in locking authority file /tmp/ssh-KYHfkmGN25fa/xauthfile
I did this (useless) workaround: editing ssh_config and enabling these lines
Code:
Host *
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
ssh -X now works fine, but there is only one problem
I have tried to disable access
and running ssh -X still accepts the host! So I think that
ForwardX11Trusted yes overrides ForwardX11 yes
After editing ssh_config
Code:
Host *
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted no
and ssh -X doesn't work.
So the problem is still open.
The question is: are we forced to use ssh -Y, or is there a solution?
Thanks
I'm on Slackware current with the latest ssh package.
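
As an added example (not part of the original post): with `ForwardX11Trusted yes` under `Host *`, every `ssh -X` session is set up as trusted forwarding, which is why the workaround above behaves like `ssh -Y`. The check below reads ssh_config text on stdin and reports `ForwardX11Trusted yes` or `ForwardAgent yes` wherever they apply to every destination. The function names and the host name `build.example.org` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads ssh_config text on stdin and prints one line for each ForwardX11Trusted
# or ForwardAgent option set to "yes" in a scope that applies to every host.
audit_ssh_forwarding() {
    awk '
    BEGIN { wide = 1 }                # options before the first Host line apply to all hosts
    /^[ \t]*#/ { next }               # skip comment lines
    NF == 0 { next }                  # skip blank lines
    {
        gsub(/=/, " ")                # accept "Key=value" as well as "Key value"
        key = tolower($1); val = tolower($2)
        if (key == "host") {          # a Host block is host-wide if any pattern is "*"
            wide = 0
            for (i = 2; i <= NF; i++) if ($i == "*") wide = 1
        } else if (key == "match") {  # "Match all" is host-wide, other Match blocks are not
            wide = (val == "all")
        } else if (wide && val == "yes" &&
                   (key == "forwardx11trusted" || key == "forwardagent")) {
            printf "line %d: %s yes applies to every host\n", NR, $1
        }
    }'
}

# Constructed sample 1: the workaround configuration quoted in the post.
workaround_config() {
    printf '%s\n' 'Host *' 'ForwardAgent yes' 'ForwardX11 yes' 'ForwardX11Trusted yes'
}

# Constructed sample 2: trusted forwarding limited to one (hypothetical) host.
# ssh uses the first value it obtains for an option, so the specific block goes first.
scoped_config() {
    printf '%s\n' 'Host build.example.org' '    ForwardX11Trusted yes' \
        'Host *' '    ForwardX11 yes' '    ForwardX11Trusted no' '    ForwardAgent no'
}

echo "workaround config:"; workaround_config | audit_ssh_forwarding
echo "scoped config:";     scoped_config | audit_ssh_forwarding
```

The first sample is flagged on lines 2 and 4; the second produces no findings because the trusted setting is confined to a single named host.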