I'm confused about the difference between trusted and untrusted X11 forwarding. What does “Warning: untrusted X11 forwarding setup failed: xauth key data not generated” mean?
The warning means that ssh is going to use trusted X11 forwarding, because untrusted X11 forwarding depends on the security extension, which isn’t built into the X server and has been disabled by default upstream. Trusted X11 forwarding means that you trust that the server you wish to ssh into is not using any keyloggers, screenshot utilities, packet sniffers, or anything else to hijack your connection. Such programs could be run by a malicious or compromised root user on the ssh server, or under your own account if it has been compromised on the ssh server. The X server will allow remote clients to do whatever a local client would be able to do to your X session.

So why is this disabled? Untrusted X11 forwarding was meant to be a way to allow logins to unknown or insecure systems. It generates a cookie with xauth and uses the security extension to limit what the remote client is allowed to do. But this is widely considered to be not useful, because the security extension uses an arbitrary and li
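
An added example, not part of the original answer: a small Python check that reads ssh_config text and reports whether a given host would get no, untrusted, or trusted X11 forwarding, using OpenSSH's rule that the first value obtained for an option wins. The sample config, host names and function names are constructed for illustration; the defaults assume upstream OpenSSH, and Match blocks and `key=value` syntax are not handled.

```python
import fnmatch

# Constructed sample (not from the page): the final block enables trusted
# X11 forwarding for every host not matched earlier.
SAMPLE = """\
Host build.example.org
    ForwardX11 yes
    ForwardX11Trusted no
Host *
    ForwardX11 yes
    ForwardX11Trusted yes
"""
DEFAULTS = {"forwardx11": "no", "forwardx11trusted": "no"}  # assumed upstream defaults

def parse_blocks(text):
    """Return [(host_patterns, options)]; lines before any Host apply to all hosts."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):
            # Match blocks are not evaluated here: give them no patterns.
            blocks.append((value.split() if key == "host" else [], {}))
        else:
            blocks[-1][1].setdefault(key, value.lower())
    return blocks

def host_matches(host, patterns):
    """A host matches if it hits a positive pattern and no negated (!) one."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def x11_mode(text, host):
    """Return 'off', 'untrusted' or 'trusted'; the first value obtained wins."""
    eff = {}
    for patterns, opts in parse_blocks(text):
        if host_matches(host, patterns):
            for key in DEFAULTS:
                if key in opts:
                    eff.setdefault(key, opts[key])
    eff = {**DEFAULTS, **eff}
    if eff["forwardx11"] != "yes":
        return "off"
    return "trusted" if eff["forwardx11trusted"] == "yes" else "untrusted"

if __name__ == "__main__":
    for h in ("build.example.org", "unknown.example.net"):
        print(h, x11_mode(SAMPLE, h))
```

As the answer above explains, a host reported as untrusted can still end up with trusted forwarding when the X server lacks the security extension, so read that result as what was requested rather than what is guaranteed.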