From owner-freebsd-doc Thu Mar 23 7:40: 6 2000
Delivered-To: freebsd-doc@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id 1BC5E37B818
    for ; Thu, 23 Mar 2000 07:40:02 -0800 (PST)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) id HAA73210;
    Thu, 23 Mar 2000 07:40:02 -0800 (PST)
    (envelope-from gnats@FreeBSD.org)
Received: from erouter0.it-datacntr.louisville.edu (erouter0.it-datacntr.louisville.edu [136.165.1.36])
    by hub.freebsd.org (Postfix) with ESMTP id A486F37C4C5
    for ; Thu, 23 Mar 2000 07:31:02 -0800 (PST)
    (envelope-from k.stevenson@louisville.edu)
Received: from osaka.louisville.edu (osaka.louisville.edu [136.165.1.114])
    by erouter0.it-datacntr.louisville.edu (Postfix) with ESMTP id 16ADD25388
    for ; Thu, 23 Mar 2000 10:30:42 -0500 (EST)
Received: by osaka.louisville.edu (Postfix, from userid 15)
    id BAC1518605; Thu, 23 Mar 2000 10:30:41 -0500 (EST)
Message-Id: <20000323153041.BAC1518605@osaka.louisville.edu>
Date: Thu, 23 Mar 2000 10:30:41 -0500 (EST)
From: ktstev01@louisville.edu
Reply-To: ktstev01@osaka.louisville.edu
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: docs/17566: [PATCH] ssh(1) and sshd(8) manpage error
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 17566
>Category: docs
>Synopsis: [PATCH] ssh(1) and sshd(8) manpage error
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 23 07:40:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Keith Stevenson
>Release: FreeBSD 4.0-STABLE i386
>Organization: University of Louisville
>Environment:
FreeBSD 4.0-STABLE
>Description:
The man pages for ssh(1) and sshd(8) do not reflect the recent policy decision to not forward X11 connections by default.
>How-To-Repeat:
N/A
>Fix:
More enlightened persons may wish to review my wording in the patch.

Index: ssh.1 =================================================================== RCS file: /opt/ncvs/src/crypto/openssh/ssh.1,v retrieving revision 1.4 diff -u -r1.4 ssh.1 --- ssh.1 2000/03/13 00:22:52 1.4 +++ ssh.1 2000/03/23 14:50:24 
@@ -207,14 +207,15 @@ .Pp If the user is using X11 (the .Ev DISPLAY -environment variable is set), the connection to the X11 display is -automatically forwarded to the remote side in such a way that any X11 +environment variable is set), the connection to the X11 display can +be forwarded to the remote side in such a way that any X11 programs started from the shell (or command) will go through the encrypted channel, and the connection to the real X server will be made from the local machine. The user should not manually set .Ev DISPLAY . -Forwarding of X11 connections can be -configured on the command line or in configuration files. +Forwarding of X11 connections weakens the security of ssh and is +disabled by default. X11 forwarding can be enabled on the command line +or in configuration files. .Pp The .Ev DISPLAY Index: sshd.8 =================================================================== RCS file: /opt/ncvs/src/crypto/openssh/sshd.8,v retrieving revision 1.5 diff -u -r1.5 sshd.8 --- sshd.8 2000/03/13 00:22:52 1.5 +++ sshd.8 2000/03/23 15:22:27 @@ -480,9 +480,7 @@ The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. The default is -.Dq yes . -Note that disabling X11 forwarding does not improve security in any -way, as users can always install their own forwarders. +.Dq no . .El .Sh LOGIN PROCESS When a user successfully logs in, >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
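Review bot: In the ssh.1 hunk (@@ -207,14 +207,15 @@), the new sentence "Forwarding of X11 connections weakens the security of ssh and is disabled by default" asserts a risk without saying what it is, and a reader deciding whether to turn forwarding on gets nothing to weigh. Suggest one clause naming the exposure: while forwarding is active, the remote side holds a channel back to the user's local X display. The next sentence, "X11 forwarding can be enabled on the command line or in configuration files", would also be more useful if it named the option and the configuration keyword or pointed at the sections of this page that describe them. Finally, "disabled by default" here is in the client page while the other hunk changes the server-side X11Forwarding default, so the wording should make clear which default is meant and the client option descriptions elsewhere in ssh.1 should be checked for agreement.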
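Review bot: In the sshd.8 hunk (@@ -480,9 +480,7 @@), deleting the whole note after the X11Forwarding default removes a caveat administrators still need, namely "users can always install their own forwarders". The first half of the old sentence ("does not improve security in any way") no longer fits the new default and is right to go, but with the second half gone as well the entry reads as if setting X11Forwarding to "no" is an enforcement boundary. Suggest keeping a reworded note along the lines of: disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders. A short statement of why the default is now "no" would also keep this entry consistent with the rationale added to ssh.1.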