Re: Allow NON-Authenticated X11 Connections - How insecure/secure?

---

• From: Alexander Klimov <alserkli@xxxxxxxx>
• Date: Thu, 22 Apr 2010 09:46:45 +0300

---

On Tue, 20 Apr 2010, Jon Price wrote:

How secure (or insecure) is it to NOT require X11 Authentication but
DO use ssh/X Forwarding?

I have an application which works a lot easier if X11 Authentication
is disabled, though I'm still using ssh w. X11 Forwarding.
But would like to get an idea of the risks.

If you use X11 without authentication, then anyone who can open
an X-connection to your X-server (usually, just a 6000/tcp
connection), can run a keylogger to grab all your keystrokes
(search xquerykeymap for details).

--
Regards,
ASK

---

• Follow-Ups:
  • Re: Allow NON-Authenticated X11 Connections - How insecure/secure?
    • From: Jon Price

• References:
  • Allow NON-Authenticated X11 Connections - How insecure/secure?
    • From: Jon Price

• Prev by Date: Re: Returned post for secureshell@securityfocus.com
• Next by Date: Re: Allow NON-Authenticated X11 Connections - How insecure/secure?
• Previous by thread: Allow NON-Authenticated X11 Connections - How insecure/secure?
• Next by thread: Re: Allow NON-Authenticated X11 Connections - How insecure/secure?
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > Secure_Shell  > 2010-04