Date: Wed, 26 Apr 2000 09:42:14 -0700 (PDT) From: brooks@one-eyed-alien.net To: FreeBSD-gnats-submit@freebsd.org Subject: conf/18238: The default sshd config leaves X11 forwarding off Message-ID: <200004261642.JAA29879@minya.sea.one-eyed-alien.net>
index | next in thread | raw e-mail
>Number: 18238 >Category: conf >Synopsis: The default sshd config leaves X11 forwarding off >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Apr 26 09:50:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Brooks Davis >Release: FreeBSD 5.0-CURRENT i386 >Organization: The Aerospace Corporation >Environment: FreeBSD minya 5.0-CURRENT FreeBSD 5.0-CURRENT #20: Tue Apr 18 10:48:27 PDT 2000 root@minya:/usr/src/sys/compile/MINYA i386 >Description: The default /etc/ssh/sshd_config sets "X11Forwarding no". As there is no risk to the server from X11 Forwarding this is stupid. This was discussed on -current or -hackers a while back, but it appears no one made the change. >How-To-Repeat: Install current with crypto. >Fix: Index: sshd_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v retrieving revision 1.4 diff -u -r1.4 sshd_config --- sshd_config 2000/02/26 02:24:38 1.4 +++ sshd_config 2000/04/26 16:30:47 @@ -17,7 +17,7 @@ # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes -X11Forwarding no +X11Forwarding yes X11DisplayOffset 10 PrintMotd yes KeepAlive yes >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004261642.JAA29879>