Описание тега x11-forwarding

Описание тега Вопросы с тегом

X11 forwarding means tunneling traffic of X server and X client through a secure channel to avoid anyone from intercepting the traffic. Most often the forwarding is done through a ssh tunnel.

When Xforwarding has been enabled in the ssh server configuration, an ssh connection capable of handling X traffic can be taken with commands ssh -X hostname or ssh -Y hostname.

X11 forwarding has some security implications. The remote server has ability to control the X environment in the local machine. If the remote host is malicious, it is possible to spy on local users session. In ssh the -X flag treats the remote client as untrusted and runs X11 forwarding with SECURITY extensions enabled. These prevent the most serious snooping such as key logging and taking screenshots. However, controlling X window environment is still possible. -Y flag treats the remote client as trusted which allows full control of the local X window environment. This option should be used even more cautiously and is necessary only in some specific cases such as running screencast programs or macro recorders.