Sunday, September 13, 2009

Untrusted SSH clients or Gdk-WARNING **: Connection to display localhost:10.0 appears to be untrusted

While connecting to a local RH system via 'ssh -X' I was seeing errors like:

Connection to display localhost:10.0 appears to be untrusted. Pointer and
keyboard grabs and inter-client communication may not work as expected.

OpenSSH implements the X11 SECURITY extension that provides two clients types: trusted & untrusted.

Trusted clients can do anything with the display while untrusted clients cannot inject synthetic events (mouse movement, keypresses, etc.) or read data from other windows (e.g. take screenshots).

In theory you should be able to run most applications via the untrusted category but it seems that a fair amount of client apps still do not implement this correctly so YMMV.

If you want to initialize a SSH connection with X11 forwarding support and using the trusted security type you simply replace -X with -Y:

$ ssh -Y USER@HOST

TIP: Add a '-C' to your ssh connections to speed things up. Nothings for free but I am sure the CPU/speed trade-off will suit most users.

No comments:

About Me

My photo
I love solving real-world problems with code and systems (web apps, distributed systems and all the bits and pieces in-between).