Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Users

Allow NON-Authenticated X11 Connections - How insecure/secure?

 

 

OpenSSH users RSS feed   Index | Next | Previous | View Threaded


jonelwoodprice at gmail

Apr 19, 2010, 9:47 PM

Post #1 of 3 (1248 views)
Permalink
Allow NON-Authenticated X11 Connections - How insecure/secure?

Hi,

How secure (or insecure) is it to NOT require X11 Authentication but
DO use ssh/X Forwarding?

I have an application which works a lot easier if X11 Authentication
is disabled, though I'm still using ssh w. X11 Forwarding.
But would like to get an idea of the risks.

Thanks,
Jon


alserkli at inbox

Apr 21, 2010, 11:46 PM

Post #2 of 3 (1194 views)
Permalink
Re: Allow NON-Authenticated X11 Connections - How insecure/secure? [In reply to]

On Tue, 20 Apr 2010, Jon Price wrote:
> How secure (or insecure) is it to NOT require X11 Authentication but
> DO use ssh/X Forwarding?
>
> I have an application which works a lot easier if X11 Authentication
> is disabled, though I'm still using ssh w. X11 Forwarding.
> But would like to get an idea of the risks.

If you use X11 without authentication, then anyone who can open
an X-connection to your X-server (usually, just a 6000/tcp
connection), can run a keylogger to grab all your keystrokes
(search xquerykeymap for details).

--
Regards,
ASK


jonelwoodprice at gmail

Apr 22, 2010, 11:09 AM

Post #3 of 3 (1188 views)
Permalink
Re: Allow NON-Authenticated X11 Connections - How insecure/secure? [In reply to]

Hi,

You said...
If you use X11 without authentication, then anyone who can open
> an X-connection to your X-server (usually, just a 6000/tcp
> connection), can run a keylogger to grab all your keystrokes
> (search xquerykeymap for details).
>

But I will use ssh with X11 Forwarding. The "X11 Authentication" being
disabled is what I'm asking about.

Won't the ssh w X11 Forwarding protect me against scenarios like the
one you describe?

Thanks,
Jon






On Thu, Apr 22, 2010 at 2:46 AM, Alexander Klimov <alserkli [at] inbox> wrote:
> On Tue, 20 Apr 2010, Jon Price wrote:
>> How secure (or insecure) is it to NOT require X11 Authentication but
>> DO use ssh/X Forwarding?
>>
>> I have an application which works a lot easier if X11 Authentication
>> is disabled, though I'm still using ssh w. X11 Forwarding.
>> But would like to get an idea of the risks.
>
> If you use X11 without authentication, then anyone who can open
> an X-connection to your X-server (usually, just a 6000/tcp
> connection), can run a keylogger to grab all your keystrokes
> (search xquerykeymap for details).
>
> --
> Regards,
> ASK
>

OpenSSH users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.