Go to the U of M home page
School of Physics & Astronomy
Physics & Astronomy Wiki


X Windows security

The X window system poses a serious security risk if it is not properly secured. If your X11 server (the screen, keyboard and mouse of any Unix system) is insecure, it will allow any other program on the internet to copy your screen's contents, capture your keystrokes, and sometimes forge keystrokes as if you typed them yourself.

Never use the command “xhost +”; this completely disables your display security!

Network access is blocked from outside our building to our X displays - X11 applications running offsite cannot send the display directly to a desktop at Tate Lab. In order to run such programs, it's neccessary to tunnel the X11 traffic through a secure shell session.

Using X windows with ssh

  • Log in to a system which has ssh (with support for tunnelling) installed, and if required, set the DISPLAY environment variable to open windows on your screen – if working from a graphical environment it should be set for you.
  • Use ssh to log in to the remote system.
  • Now open X windows as usual (it may be easiest to test with a small, quick program such as xclock). Don't set the DISPLAY variable at the remote system; ssh will have set it for you.

If you have problems, start by checking the value of DISPLAY at the remote system (using “printenv DISPLAY” or similar). Some servers don't switch on X11 tunnelling by default, in which case you have to use the “-Y” flag when connecting to them (eg “ssh -Y hostname”).

  • If you don't have ssh installed on your system, check out our Secure Shell page for information on where to get it.
computing/department/unix/x11.txt · Last modified: 2009/05/18 17:21 by clayton