Saturday, October 20, 2007

Slow X applications over SSH

Just a quick tip for those tunneling X applications over SSH and you experience slow responsiveness (not because of slow lines) or get the an error similar to the following
"Gdk-WARNING **: Connection to display localhost:10.0 appears to be untrusted. Pointer and keyboard grabs and inter-client communication may not work as expected."

try this "ssh -2 -4 -C -Y user@host". This enables trusted X forwarding which removes the message above and speeds things up

From the SSH man page
-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be
able to perform activities such as keystroke monitoring.

For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the ssh -Y
option and the ForwardX11Trusted directive in ssh_config(5) for more information.

-x Disables X11 forwarding.

-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.

ssh may additionally obtain configuration data from a per-user configuration file and a system-wide configuration file. The
file format and configuration options are described in ssh_config(5).


No comments: