- djm@cvs.openbsd.org 2005/02/28 00:54:10

[ssh_config.5] bz#849: document timeout on untrusted x11 forwarding sessions. Reported by orion AT cora.nwra.com; ok markus@
author: Damien Miller <djm@mindrot.org> 2005-03-01 21:17:31 +1100
committer: Damien Miller <djm@mindrot.org> 2005-03-01 21:17:31 +1100
commit: 1717fd422f2c5691d745a7daf6908df9a6458904 (patch)
tree: 6f2b0b68ceea61dc780fed386f08b718097cc201 /ssh_config.5
parent: 70a908ec89b8bd5feb14abed5957ebb063796e94 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 67b6ca72e..8f6d851b4 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.41 2005/01/28 18:14:09 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.42 2005/02/28 00:54:10 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -359,11 +359,16 @@ option is also enabled.
 If this option is set to
 .Dq yes
 then remote X11 clients will have full access to the original X11 display.
+.Pp
 If this option is set to
 .Dq no
 then remote X11 clients will be considered untrusted and prevented
 from stealing or tampering with data belonging to trusted X11
 clients.
+Furthermore, the
+.Xr xauth 1
+token used for the session will be set to expire after 20 minutes.
+Remote clients will be refused access after this time.
 .Pp
 The default is
 .Dq no .
author	Damien Miller <djm@mindrot.org>	2005-03-01 21:17:31 +1100
committer	Damien Miller <djm@mindrot.org>	2005-03-01 21:17:31 +1100
commit	1717fd422f2c5691d745a7daf6908df9a6458904 (patch)
tree	6f2b0b68ceea61dc780fed386f08b718097cc201 /ssh_config.5
parent	70a908ec89b8bd5feb14abed5957ebb063796e94 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 67b6ca72e..8f6d851b4 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.41 2005/01/28 18:14:09 jmc Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.42 2005/02/28 00:54:10 djm Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -359,11 +359,16 @@ option is also enabled.
359	If this option is set to	359	If this option is set to
360	.Dq yes	360	.Dq yes
361	then remote X11 clients will have full access to the original X11 display.	361	then remote X11 clients will have full access to the original X11 display.
		362	.Pp
362	If this option is set to	363	If this option is set to
363	.Dq no	364	.Dq no
364	then remote X11 clients will be considered untrusted and prevented	365	then remote X11 clients will be considered untrusted and prevented
365	from stealing or tampering with data belonging to trusted X11	366	from stealing or tampering with data belonging to trusted X11
366	clients.	367	clients.
		368	Furthermore, the
		369	.Xr xauth 1
		370	token used for the session will be set to expire after 20 minutes.
		371	Remote clients will be refused access after this time.
367	.Pp	372	.Pp
368	The default is	373	The default is
369	.Dq no .	374	.Dq no .