On 2017-03-23 21:24, Yamaban wrote:
On Thu, 23 Mar 2017 21:03, Carlos E. R. wrote:
On 2017-03-23 20:28, David C. Rankin wrote:
On 03/22/2017 08:29 PM, L A Walsh wrote:
The "-X" switch is only for ssh's from an ssh you don't have configured yet. I.e. usually I have everything about my ssh session configured in my .ssh/config file so I don't need command line flags.
In the current climate, it is far better to use -Y instead of -X, that way trusted clients are not subject to the X11 security control extensions.
I'm always confused by the wording in the man page re X or Y. Which one is "safer"?
Short and incomplete answer is: -X is the old stuff, the old and buggy X11 security control extensions come to play with all their errors. Calling that "safe" is questionable.
-Y is the new replacement for -X, for any X server that you trust enough enough to "work like local login".
Use -Y for any server that you can trust enough to do so. use -X only for those that you do not trust and thus relay on the X11 security control extensions.
see "man 1 ssh" for more info.
Well, I asked because I don't understand that page O:-) From the above, I understand that -X does more verifications, it is more strict, and it is thus safer. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))