From owner-freebsd-current@FreeBSD.ORG Thu Mar 4 00:15:55 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 02CC216A4CE for ; Thu, 4 Mar 2004 00:15:55 -0800 (PST) Received: from cmsrelay01.mx.net (cmsrelay01.mx.net [165.212.11.110]) by mx1.FreeBSD.org (Postfix) with SMTP id 9374043D2F for ; Thu, 4 Mar 2004 00:15:54 -0800 (PST) (envelope-from noackjr@alumni.rice.edu) Received: from uadvg128.cms.usa.net (165.212.11.128) by cmsoutbound.mx.net with SMTP; 4 Mar 2004 08:15:53 -0000 Received: from optimator.noacks.org [65.69.2.172] by uadvg128.cms.usa.net (ASMTP/noackjr@usa.net) via mtad (C8.MAIN.3.13N) with ESMTP id 720icDiPz0155M28; Thu, 04 Mar 2004 08:15:51 GMT X-USANET-Auth: 65.69.2.172 AUTH noackjr@usa.net optimator.noacks.org Received: from localhost (localhost [127.0.0.1]) by optimator.noacks.org (Postfix) with ESMTP id 5DB636101; Thu, 4 Mar 2004 02:15:50 -0600 (CST) Received: from optimator.noacks.org ([127.0.0.1]) by localhost (optimator.noacks.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 17226-05-2; Thu, 4 Mar 2004 02:15:39 -0600 (CST) Received: from alumni.rice.edu (compgeek [192.168.1.10]) by optimator.noacks.org (Postfix) with ESMTP id CB09C6110; Thu, 4 Mar 2004 02:15:39 -0600 (CST) Message-ID: <4046E5A5.9040901@alumni.rice.edu> Date: Thu, 04 Mar 2004 02:15:33 -0600 From: Jon Noack User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Kevin Oberman References: <20040303225951.6647E5D07@ptavv.es.net> In-Reply-To: <20040303225951.6647E5D07@ptavv.es.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at noacks.org cc: freebsd-current@freebsd.org cc: Christian Weisgerber Subject: Re: Breakage in X11 over ssh tunnel X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: noackjr@alumni.rice.edu List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2004 08:15:55 -0000 On 3/3/2004 4:59 PM, Kevin Oberman wrote: >> From: naddy@mips.inka.de (Christian Weisgerber) >> Date: Wed, 3 Mar 2004 02:46:33 +0000 (UTC) >> Sender: owner-freebsd-current@freebsd.org >> You can enabled trusted X11 forwarding with ssh's -Y switch or the >> ForwardX11Trusted configuration option. Note that this poses a >> security risk if the host where the X11 client runs is under somebody >> else's control or has been compromised. > > Thanks for the pointer, but I can't find any reference to this in either > the documentation or in the source except that it exists in the ssh.1 > file only as an entry in a list of options that may be specified. -Y is > not listed at all. I'd love to find out exactly what this does! If you built and installed OpenSSH as part of your last build/installworld (after 3.8p1 import and *DO NOT* have "NO_OPENSSH= true" or "NOCRYPT= true" in /etc/make.conf), "man ssh" and "man ssh_config" should give you the information you're looking for (or "man -M/usr/share/man ssh" and "man -M/usr/share/man ssh_config" if you've also installed OpenSSH from ports and /usr/local/bin is listed before /bin and /usr/bin in your path -- see "man man" and "man manpath" for more info). You may also type "/usr/bin/ssh" (with no arguments) for a description of ssh command line options. Here are selected CVS diffs for 3.8p1 (ssh.c, ssh.1, ssh_config.5): http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/ssh.c.diff?r1=1.24&r2=1.25&f=h http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/ssh.1.diff?r1=1.27&r2=1.28&f=h http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/ssh_config.5.diff?r1=1.11&r2=1.12&f=h Jon Noack