From owner-freebsd-bugs  Wed Apr 26  9:50: 6 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id A970B37BE52
	for <freebsd-bugs@FreeBSD.org>; Wed, 26 Apr 2000 09:50:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id JAA51552;
	Wed, 26 Apr 2000 09:50:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from minya.sea.one-eyed-alien.net (minya.sea.one-eyed-alien.net [216.39.156.226])
	by hub.freebsd.org (Postfix) with ESMTP id E61DA37BE62
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 26 Apr 2000 09:41:47 -0700 (PDT)
	(envelope-from brooks@minya.sea.one-eyed-alien.net)
Received: (from brooks@localhost)
	by minya.sea.one-eyed-alien.net (8.9.3/8.9.3) id JAA29879;
	Wed, 26 Apr 2000 09:42:14 -0700 (PDT)
	(envelope-from brooks)
Message-Id: <200004261642.JAA29879@minya.sea.one-eyed-alien.net>
Date: Wed, 26 Apr 2000 09:42:14 -0700 (PDT)
From: brooks@one-eyed-alien.net
Reply-To: brooks@one-eyed-alien.net
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: conf/18238: The default sshd config leaves X11 forwarding off
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         18238
>Category:       conf
>Synopsis:       The default sshd config leaves X11 forwarding off
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 26 09:50:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Brooks Davis
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
The Aerospace Corporation
>Environment:

FreeBSD minya 5.0-CURRENT FreeBSD 5.0-CURRENT #20: Tue Apr 18 10:48:27 PDT 2000     root@minya:/usr/src/sys/compile/MINYA  i386

>Description:

The default /etc/ssh/sshd_config sets "X11Forwarding no".  As there is
no risk to the server from X11 Forwarding this is stupid.  This was
discussed on -current or -hackers a while back, but it appears no one
made the change.

>How-To-Repeat:

Install current with crypto.

>Fix:

Index: sshd_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.4
diff -u -r1.4 sshd_config
--- sshd_config	2000/02/26 02:24:38	1.4
+++ sshd_config	2000/04/26 16:30:47
@@ -17,7 +17,7 @@
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
 #IgnoreUserKnownHosts yes
 StrictModes yes
-X11Forwarding no
+X11Forwarding yes
 X11DisplayOffset 10
 PrintMotd yes
 KeepAlive yes


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message