From owner-cvs-all Mon Feb 28 12:41:40 2000 Delivered-To: cvs-all@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 07C0A37B9B5; Mon, 28 Feb 2000 12:41:34 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id PAA37627; Mon, 28 Feb 2000 15:42:34 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Mon, 28 Feb 2000 15:42:34 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Mark Murray Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssh auth-krb5.c auth-krb4.c auth-passwd.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.8 sshd.c In-Reply-To: <200002281903.LAA43482@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk Mark, Unrelated to the commit I replied to, but could you verify that SSH X11 forwarding is disabled in the client by default? I just had the opportunity to toast Theo on bugtraq for making misleading statements about that setting on the OpenBSD side... :-) You might want to reenable forwarding on the server, unless you know of a specific security risk to the server associate associated with that (I don't offhand, but it doesn't mean one doesn't exist). Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message