What risk is X11Forward to a server?

Dave Dykstra dwd at bell-labs.com
Fri Oct 26 05:46:17 EST 2001

On Thu, Oct 25, 2001 at 02:23:57PM -0500, Dave Dykstra wrote:
> I agree that X11 forwarding on the server is not a problem; the problem is
> that a secure client can be put at risk from an insecure server.  If you're
> accessing a secure server from an insecure client you've got worse problems
> and X11 forwarding won't add any risk to the server.
> Why, then, doesn't OpenSSH set X11Forward=yes by default on the server?

I'm sorry that I hadn't yet gotten to the other thread that brought up the
same question.  Markus said it has been discussed before, I guess I'll
search the archives.

- Dave Dykstra

More information about the openssh-unix-dev mailing list