
Allow NON-Authenticated X11 Connections - How insecure/secure?
Hi,

How secure (or insecure) is it to NOT require X11 Authentication but
DO use ssh/X Forwarding?

I have an application which works a lot easier if X11 Authentication
is disabled, though I'm still using ssh w. X11 Forwarding.
But I would like to get an idea of the risks.

Thanks,
Jon
Re: Allow NON-Authenticated X11 Connections - How insecure/secure?
On Tue, 20 Apr 2010, Jon Price wrote:
> How secure (or insecure) is it to NOT require X11 Authentication but
> DO use ssh/X Forwarding?
>
> I have an application which works a lot easier if X11 Authentication
> is disabled, though I'm still using ssh w. X11 Forwarding.
> But I would like to get an idea of the risks.

If you use X11 without authentication, then anyone who can open
an X-connection to your X-server (usually, just a 6000/tcp
connection), can run a keylogger to grab all your keystrokes
(search xquerykeymap for details).

--
Regards,
ASK
Re: Allow NON-Authenticated X11 Connections - How insecure/secure?
Hi,

You said...
> If you use X11 without authentication, then anyone who can open
> an X-connection to your X-server (usually, just a 6000/tcp
> connection), can run a keylogger to grab all your keystrokes
> (search xquerykeymap for details).
>

But I will use ssh with X11 Forwarding. The "X11 Authentication" being
disabled is what I'm asking about.

Won't the ssh w X11 Forwarding protect me against scenarios like the
one you describe?

Thanks,
Jon
On Thu, Apr 22, 2010 at 2:46 AM, Alexander Klimov <alserkli@inbox.ru> wrote:
> On Tue, 20 Apr 2010, Jon Price wrote:
>> How secure (or insecure) is it to NOT require X11 Authentication but
>> DO use ssh/X Forwarding?
>>
>> I have an application which works a lot easier if X11 Authentication
>> is disabled, though I'm still using ssh w. X11 Forwarding.
>> But I would like to get an idea of the risks.
>
> If you use X11 without authentication, then anyone who can open
> an X-connection to your X-server (usually, just a 6000/tcp
> connection), can run a keylogger to grab all your keystrokes
> (search xquerykeymap for details).
>
> --
> Regards,
> ASK
>
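A check for the situation the thread discusses, added here and not part of the original posts: it sends the X11 connection-setup request with no authorization data at all and reports whether the server accepts the client. Run on the ssh server host with DISPLAY pointed at the forwarded display (for example localhost:10.0) it shows whether the tunnel ends at an X server that takes unauthenticated clients; a "failed" answer with the server's reason is the secure outcome, "success" means the local xhost/xauth setting is letting anyone through. The Unix-socket path, the 6000+n TCP port and the sample reply bytes in the test are assumptions and constructed samples, not values from the thread.

```python
import os
import socket
import struct

def build_unauth_setup_request() -> bytes:
    # Little-endian ('l') X11 setup request, protocol 11.0, with an empty
    # authorization-protocol name and empty data: a client that holds no cookie.
    return struct.pack("<cxHHHHxx", b"l", 11, 0, 0, 0)

def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("X server closed the connection early")
        buf += chunk
    return buf

def parse_setup_reply(reply: bytes) -> tuple:
    # Byte 0 of the setup reply: 0 = Failed, 1 = Success, 2 = Authenticate.
    code = reply[0]
    if code == 1:
        return ("success", "")  # server accepted a client with no credentials
    if code == 0:
        return ("failed", reply[8:8 + reply[1]].decode("latin-1"))
    if code == 2:
        extra = struct.unpack("<H", reply[6:8])[0] * 4
        return ("authenticate", reply[8:8 + extra].rstrip(b"\0").decode("latin-1"))
    raise ValueError(f"unexpected X11 setup reply code {code}")

def probe_display(display: str = None, timeout: float = 3.0) -> tuple:
    # Connect to DISPLAY (":0", "localhost:10.0", ...) with no cookie and report the answer.
    display = display or os.environ.get("DISPLAY", ":0")
    host, _, rest = display.rpartition(":")
    num = int(rest.split(".")[0])
    if host in ("", "unix"):
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        sock.connect(f"/tmp/.X11-unix/X{num}")  # assumed conventional socket path
    else:
        sock = socket.create_connection((host, 6000 + num), timeout=timeout)
    with sock:
        sock.sendall(build_unauth_setup_request())
        head = recv_exact(sock, 8)
        extra = struct.unpack("<H", head[6:8])[0] * 4  # trailing data, in 4-byte units
        return parse_setup_reply(head + recv_exact(sock, extra))

if __name__ == "__main__":
    status, reason = probe_display()
    print(f"{os.environ.get('DISPLAY', ':0')}: {status} {reason}".rstrip())
```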