Hi, You said... If you use X11 without authentication, then anyone who can open > an X-connection to your X-server (usually, just a 6000/tcp > connection), can run a keylogger to grab all your keystrokes > (search xquerykeymap for details). > But I will use ssh with X11 Forwarding. The "X11 Authentication" being disabled is what I'm asking about. Won't the ssh w X11 Forwarding protect me against scenarios like the one you describe? Thanks, Jon On Thu, Apr 22, 2010 at 2:46 AM, Alexander Klimov <alserkli@xxxxxxxx> wrote: > On Tue, 20 Apr 2010, Jon Price wrote: >> How secure (or insecure) is it to NOT require X11 Authentication but >> DO use ssh/X Forwarding? >> >> I have an application which works a lot easier if X11 Authentication >> is disabled, though I'm still using ssh w. X11 Forwarding. >> But would like to get an idea of the risks. > > If you use X11 without authentication, then anyone who can open > an X-connection to your X-server (usually, just a 6000/tcp > connection), can run a keylogger to grab all your keystrokes > (search xquerykeymap for details). > > -- > Regards, > ASK >
