SSH / X11 auth: needless complexity -> security problems?

James Ralston qralston+ml.openssh-unix-dev at
Sat Jun 9 06:20:09 EST 2001

On Wed, 6 Jun 2001, Markus Friedl posted the following to Bugtraq:

> this feature [placing the X11 cookie file in /tmp] was inherited
> from ossh and the reason was:
>       1) if $HOME is on NFS, then the cookie travels unencrypted
>          over the network, this defeats the purpose of X11-fwding
>       2) $HOME/.Xauthority gets polluted with temorary cookies.
> however, i'm not sure whether the benefit justifies the complexity,
> so this feature could be removed from future OpenSSH versions.

Please do not remove this feature.  On many of the systems I have to
access, I am in that exact same situation--my home directory is on
NFS, and I most emphatically DO NOT want my X11 cookies stored there.
Not only does doing so cause my cookies to cross the wire unecrypted,
but if I then su, I can't access the cookies without special pains
(because the NFS servers in question all map the client's root to

In fact, one of the (many) reasons I'm motivated to replace the rest
of our servers with openssh servers is *because* I'll get rid
of's "I'll just munge the .Xauthority file in your home
directory, mwa ha ha!" behavior.  Openssh's behavior is conceptually
cleaner, even if the price that is paid for it is careful attention to
the creation/deletion of the cookie file (and its containing

(There's also no real way I can implement the placement myself.  My
shell rc file automatically exports a TMPDIR value that it creates on
the fly using "mktemp -d", but openssh has to place the cookies file
before the shell is invoked...)

James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA

More information about the openssh-unix-dev mailing list