From owner-freebsd-current@FreeBSD.ORG  Wed Mar  3 14:59:52 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1924716A4CE
	for <freebsd-current@freebsd.org>;
	Wed,  3 Mar 2004 14:59:52 -0800 (PST)
Received: from postal2.es.net (postal2.es.net [198.128.3.206])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0A68043D45
	for <freebsd-current@freebsd.org>;
	Wed,  3 Mar 2004 14:59:52 -0800 (PST)	(envelope-from oberman@es.net)
Received: from ptavv.es.net ([198.128.4.29])
        by postal2.es.net (Postal Node 2) with ESMTP (SSL) id IBA74465;
        Wed, 03 Mar 2004 14:59:51 -0800
Received: from ptavv (localhost [127.0.0.1])
	by ptavv.es.net (Tachyon Server) with ESMTP
	id 6647E5D07; Wed,  3 Mar 2004 14:59:51 -0800 (PST)
To: naddy@mips.inka.de (Christian Weisgerber)
In-reply-to: Your message of "Wed, 03 Mar 2004 02:46:33 GMT."
             <c23gu9$1fm4$1@kemoauc.mips.inka.de> 
Date: Wed, 03 Mar 2004 14:59:51 -0800
From: "Kevin Oberman" <oberman@es.net>
Message-Id: <20040303225951.6647E5D07@ptavv.es.net>
cc: freebsd-current@freebsd.org
Subject: Re: Breakage in X11 over ssh tunnel 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2004 22:59:52 -0000

> From: naddy@mips.inka.de (Christian Weisgerber)
> Date: Wed, 3 Mar 2004 02:46:33 +0000 (UTC)
> Sender: owner-freebsd-current@freebsd.org
> 
> Kevin Oberman <oberman@es.net> wrote:
> 
> > In all of my system running current that are newer than 2/26/04 I am
> > unable to run X applications over an SSH tunnel. I get a variety of
> > errors, most pretty non-sensical, when I try. The tunnels are from
> > stable systems to current system from yesterday or today.
> 
> OpenSSH's X11 forwarding now defaults to providing untrusted client
> access, which prevents the X11 clients from performing some operations.
> Alas, many X11 programs (or the toolkits they're based on, e.g GTK1)
> rely on trusted privileges and fail if these aren't available.
> 
> You can enabled trusted X11 forwarding with ssh's -Y switch or the
> ForwardX11Trusted configuration option.  Note that this poses a
> security risk if the host where the X11 client runs is under somebody
> else's control or has been compromised.
> 
> -- 
> Christian "naddy" Weisgerber                          naddy@mips.inka.de

Christian,

Thanks for the pointer, but I can't find any reference to this in either
the documentation or in the source except that it exists in the ssh.1
file only as an entry in a list of options that may be specified. -Y is
not listed at all. I'd love to find out exactly what this does!
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634