diff options
| author | Damien Miller <djm@mindrot.org> | 2005-03-02 13:22:30 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-03-02 13:22:30 +1100 |
| commit | 947219e6e6d8be46d42c70239a907e4227e62d4a (patch) | |
| tree | 0e1fe7d686fbcd488055e5bbb1383a3b8e363d7c | |
| parent | 89eac8010a80589bcd3abda8f253cd0cd3d2088c (diff) | |
- djm@cvs.openbsd.org 2005/03/02 02:21:07
[ssh.1]
bz#987: mention ForwardX11Trusted in ssh.1,
reported by andrew.benham AT thus.net; ok deraadt@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | ssh.1 | 15 |
2 files changed, 19 insertions, 2 deletions
@@ -42,6 +42,10 @@ - djm@cvs.openbsd.org 2005/03/02 01:27:41 [ssh-keygen.c] ignore hostnames with metachars when hashing; ok deraadt@ + - djm@cvs.openbsd.org 2005/03/02 02:21:07 + [ssh.1] + bz#987: mention ForwardX11Trusted in ssh.1, + reported by andrew.benham AT thus.net; ok deraadt@ 20050301 - (djm) OpenBSD CVS sync: @@ -2261,4 +2265,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3686 2005/03/02 01:33:04 djm Exp $ +$Id: ChangeLog,v 1.3687 2005/03/02 02:22:30 djm Exp $ @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.202 2005/03/01 14:47:58 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.203 2005/03/02 02:21:07 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -831,10 +831,23 @@ Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. +.Pp +For this reason, X11 forwarding is subjected X11 SECURITY extension +restrictions by default. +Please refer to the +.Nm +.Fl Y +option and the +.Cm ForwardX11Trusted +directive in +.Xr ssh_config 5 +for more information. .It Fl x Disables X11 forwarding. .It Fl Y Enables trusted X11 forwarding. +Trusted X11 forwardings are not subjected to the X11 SECURITY extension +controls. .El .Sh CONFIGURATION FILES .Nm |