Re: Let me ask the most FAQ, too
Re: Let me ask the most FAQ, too
- Subject: Re: Let me ask the most FAQ, too
- From: Ronnie Misra <email@hidden>
- Date: Mon, 16 Feb 2004 11:06:52 -0800
On Feb 16, 2004, at 10:10 AM, Ronnie Misra wrote:
Apple X11 uses xauth by default, and will only allow clients to
connect if they know your server's "magic cookie". Every time you
restart X11, a new cookie is generated. When you ssh into another
machine, your ssh client tells sshd on the server to add that cookie.
That is why other shells on the remote machine can access your
display. However, other *users* should not be able to access your
display, since they won't know your cookie. It's not enough for them
to just guess your port.
Actually, just for the sake of technical correctness, from
<http://www.openssh.org/features.html>:
X11 forwarding allows the encryption of remote X windows traffic, so
that nobody can snoop on your remote xterms or insert malicious
commands. The program automatically sets DISPLAY on the server
machine, and forwards any X11 connections over the secure channel.
Fake Xauthority information is automatically generated and forwarded
to the remote machine; the local client automatically examines
incoming X11 connections and replaces the fake authorization data with
the real data (never telling the remote machine the real information).
Ronnie
_______________________________________________
x11-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/x11-users
X11 for Mac OS X FAQ: http://developer.apple.com/qa/qa2001/qa1232.html
Report issues, request features, feedback: http://developer.apple.com/bugreporter
Do not post admin requests to the list. They will be ignored.