When trying to ssh -X to a Cloud CPS box, I get (with -v) X11 forwarding request failed on channel 0 and forwarding is not set up. The usual workarounds (installing xauth, adding X11Forwarding yes / X11UseLocalhost no to sshd_config) do not seem to work.
Can you tell me more about that -X? X11 isn't present on any of our servers by default, I don't think I've ever heard of anyone using it on a VPS before.
It creates a tunnel inside the SSH connection through which applications running on the remote machine can connect to the X11 server of the local machine (so you can e.g. run selenium tests on the remote and see the browser window as if the browser were running locally).
In this instance, I was just trying to forward the connection from the labs-vagrant box inside that cloud host (so ssh -X into the cloud box and then run vagrant ssh -- -X) but X11 forwarding is broken somehow. Connecting to the vagrant box directly works.
Um is X11 forwarding something that's secure enough to be run between labs and our own machines?
AIUI an attacker could snoop on your window contents, maybe even your keystrokes while the connection is open, but that's the worst that could happen.
Hm. In non-trusted mode only the ones that are forwarded from that host, but apparently Debian uses trusted mode by default...not sure what exactly that means. All keyboard events at the very least, probably screenshots too.
Apparently firejail includes an X11 sandbox which is another way to prevent access to local windows.