Allow NON-Authenticated X11 Connections - How insecure/secure?
Jon Price
2010-04-20 04:47:55 UTC
Hi,

How secure (or insecure) is it to NOT require X11 Authentication but
DO use ssh/X Forwarding?

I have an application which works a lot easier if X11 Authentication
is disabled, though I'm still using ssh w. X11 Forwarding.
But would like to get an idea of the risks.

Thanks,
Jon
Alexander Klimov
2010-04-22 06:46:45 UTC
Post by Jon Price
How secure (or insecure) is it to NOT require X11 Authentication but
DO use ssh/X Forwarding?
I have an application which works a lot easier if X11 Authentication
is disabled, though I'm still using ssh w. X11 Forwarding.
But would like to get an idea of the risks.
If you use X11 without authentication, then anyone who can open
an X-connection to your X-server (usually, just a 6000/tcp
connection), can run a keylogger to grab all your keystrokes
(search xquerykeymap for details).
--
Regards,
ASK
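
A defensive check for the situation described in this reply, added here as an example and not part of the original posts: it classifies the output of `xhost` and `ss -ltn` on the machine that runs the X server, reporting whether access control is off and whether an X11 TCP port is reachable beyond loopback. The function names, the 6000-6063 port range and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the machine that runs the X server.
# Inputs are the text printed by `xhost` and by `ss -ltn`.

# Print X11 TCP listeners (6000 + display number; 6000-6063 is an assumed
# range) that are bound to a non-loopback address.
x11_remote_listeners() {
    printf '%s\n' "$1" | awk '$1 == "LISTEN" {
        n = split($4, p, ":"); port = p[n] + 0
        if (port < 6000 || port > 6063) next             # not an X11 display port
        if ($4 ~ /^127\./ || $4 ~ /^\[::1\]:/) next      # loopback only
        print $4
    }'
}

# Classify exposure:
#   AUTH-REQUIRED    access control is on, clients must authenticate
#   EXPOSED-LOCAL    access control is off, reachable by local users only
#   EXPOSED-NETWORK  access control is off and a TCP listener is reachable
x11_exposure() {
    xhost_out=$1
    ss_out=$2
    case $xhost_out in
        *"access control disabled"*) ;;
        *) echo "AUTH-REQUIRED"; return 0 ;;
    esac
    if [ -n "$(x11_remote_listeners "$ss_out")" ]; then
        echo "EXPOSED-NETWORK"
    else
        echo "EXPOSED-LOCAL"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host'
SAMPLE_XHOST_AUTH='access control enabled, only authorized clients can connect
SI:localuser:jon'
SAMPLE_SS_TCP='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*'
SAMPLE_SS_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*'

x11_exposure "$SAMPLE_XHOST_OPEN" "$SAMPLE_SS_TCP"
```

On a live system the call is `x11_exposure "$(xhost)" "$(ss -ltn)"`. Running `xhost -` turns access control back on, and starting the X server with `-nolisten tcp` removes the TCP listener.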
Jon Price
2010-04-22 18:09:25 UTC
Hi,

You said...
Post by Alexander Klimov
If you use X11 without authentication, then anyone who can open
an X-connection to your X-server (usually, just a 6000/tcp
connection), can run a keylogger to grab all your keystrokes
(search xquerykeymap for details).
But I will use ssh with X11 Forwarding. The "X11 Authentication" being
disabled is what I'm asking about.

Won't the ssh w X11 Forwarding protect me against scenarios like the
one you describe?

Thanks,
Jon