difference between SSH -X and ssh -Y

Shehbaz Jaffer picture Shehbaz Jaffer · Nov 17, 2012 · Viewed 23.9k times · Source

I was SSH'ing into a server by running a code like this:

ssh serverUser@serverIP "./runServer" &

on the very next line of the script when I started a VM at the client and wrote startX on it, it said: X Error of failed request: Bad Window.

After looking up this error, I resolved this by sshing using the 'Y' forwarding.

ssh -Y serverUser@serverIP "./runServer" &

I am unable to understand if X and Y forwarding are the same concepts - and how many such X, Y Z forwardings are possible?

Thanks.

Answer

beatgammit picture beatgammit · Nov 17, 2012

From the man page:

 -X      Enables X11 forwarding.  This can also be specified on a per-host
         basis in a configuration file.

         X11 forwarding should be enabled with caution.  Users with the
         ability to bypass file permissions on the remote host (for the
         user's X authorization database) can access the local X11 display
         through the forwarded connection.  An attacker may then be able
         to perform activities such as keystroke monitoring.

         For this reason, X11 forwarding is subjected to X11 SECURITY
         extension restrictions by default.  Please refer to the ssh -Y
         option and the ForwardX11Trusted directive in ssh_config(5) for
         more information.

 -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not
         subjected to the X11 SECURITY extension controls.

See also: https://askubuntu.com/questions/35512/difference-between-ssh-y-and-ssh-x