UseLogin yes and X11 encryption

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
If I have UseLogin enabled, I realize that X11Forwarding is disabled
because login can't handle it. So if I export my display, do a xhost +,
and open an xterm, is my connection still encrypted? In other words,
are X11 packets still encrypted even though X11Forwarding is disabled?
I'm using recent versions of openssh.


Re: UseLogin yes and X11 encryption

Quoted text here. Click to load it

SSH encryption of X connections via X11Forwarding creates a tunnel to carry
such traffic safely, point-to-point, instead of exposing your local machine
to the world.

What you ve done is to completely open your local X server to remote
manipulation by anyone who can reach your machine from elsewhere in your
network, and depending on your configuratiion anywhere in the world. This
can include some very nasty vulnerabilities, and some amusing ones. When I
caught someone doing that at an old workplace, despite my repeated warnings
about it and explanations of how to use SSH X11 forwarding, I ran the
"xroach" program on their unsecured display without their knowledge while
they were away at lunch.

The screams when they moved a window and the roaches popped out from under
it and ran around the screen were *prize*, followed by the shaky laughter
when they figured out what had happened, and I showed them how to *splat*
the roaches wi" he mouse. It did make my point, and they stopped doing

Site Timeline