Quote from: woahmang on December 16, 2012, 03:42 amQuote from: sweetone on December 16, 2012, 02:53 amQuote from: woahmang on December 14, 2012, 07:48 pmCode: [Select]ssh -X you@your-serverwith the -X flag you can run apps over the network as long as you have an x server on the machine you're connecting from, which Linux desktops do.Otherwise just use VNC with tight security settings, or using ssh tunnellingssh is the best way ;)Now I've had a think about it, I'm not actually sure ssh -X is best. VNC is basically a "remote framebuffer" and deals mostly with pixels, mouse movements and so on. X11 is an enormous API with loads of surface area (for information leakage) and although it was supposed to be used over the network most people use it locally, so the Firefox and Bitcoin devs don't use it over the network and it's unlikely to be optimized for this use-case.So VNC is probably better because it's simpler and less well integrated into your system. If someone hacked into a server you were VNCing into the worst thing they could get access to is your clipboard, I'm not even sure how much information could be leaked to someone who'd broken into your ssh server but I suspect it's lots.Of course ssh -X is really easy to set up and offers great protection against an eavesdropper so I guess it depends on how secure you need to be, it works well enough for me anyway.Excellent point. Even in the man page it hints at some of the problems:Code: [Select]-X   Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.     X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.At least -X is better than -Y :P