-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ssh.1 | 15 |
2 files changed, 19 insertions, 2 deletions
@@ -42,6 +42,10 @@ | |||
42 | - djm@cvs.openbsd.org 2005/03/02 01:27:41 | 42 | - djm@cvs.openbsd.org 2005/03/02 01:27:41 |
43 | [ssh-keygen.c] | 43 | [ssh-keygen.c] |
44 | ignore hostnames with metachars when hashing; ok deraadt@ | 44 | ignore hostnames with metachars when hashing; ok deraadt@ |
45 | - djm@cvs.openbsd.org 2005/03/02 02:21:07 | ||
46 | [ssh.1] | ||
47 | bz#987: mention ForwardX11Trusted in ssh.1, | ||
48 | reported by andrew.benham AT thus.net; ok deraadt@ | ||
45 | 49 | ||
46 | 20050301 | 50 | 20050301 |
47 | - (djm) OpenBSD CVS sync: | 51 | - (djm) OpenBSD CVS sync: |
@@ -2261,4 +2265,4 @@ | |||
2261 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2265 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2262 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2266 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2263 | 2267 | ||
2264 | $Id: ChangeLog,v 1.3686 2005/03/02 01:33:04 djm Exp $ | 2268 | $Id: ChangeLog,v 1.3687 2005/03/02 02:22:30 djm Exp $ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.202 2005/03/01 14:47:58 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.203 2005/03/02 02:21:07 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -831,10 +831,23 @@ Users with the ability to bypass file permissions on the remote host | |||
831 | (for the user's X authorization database) | 831 | (for the user's X authorization database) |
832 | can access the local X11 display through the forwarded connection. | 832 | can access the local X11 display through the forwarded connection. |
833 | An attacker may then be able to perform activities such as keystroke monitoring. | 833 | An attacker may then be able to perform activities such as keystroke monitoring. |
834 | .Pp | ||
835 | For this reason, X11 forwarding is subjected X11 SECURITY extension | ||
836 | restrictions by default. | ||
837 | Please refer to the | ||
838 | .Nm | ||
839 | .Fl Y | ||
840 | option and the | ||
841 | .Cm ForwardX11Trusted | ||
842 | directive in | ||
843 | .Xr ssh_config 5 | ||
844 | for more information. | ||
834 | .It Fl x | 845 | .It Fl x |
835 | Disables X11 forwarding. | 846 | Disables X11 forwarding. |
836 | .It Fl Y | 847 | .It Fl Y |
837 | Enables trusted X11 forwarding. | 848 | Enables trusted X11 forwarding. |
849 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension | ||
850 | controls. | ||
838 | .El | 851 | .El |
839 | .Sh CONFIGURATION FILES | 852 | .Sh CONFIGURATION FILES |
840 | .Nm | 853 | .Nm |
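Review bot: The sentence added at new line 835, "X11 forwarding is subjected X11 SECURITY extension restrictions by default", is missing "to" and should read "is subjected to X11 SECURITY extension restrictions by default", matching the wording added under .It Fl Y at new line 849 ("are not subjected to the X11 SECURITY extension controls"). The two additions also use "restrictions" and "controls" for the same mechanism; one term throughout would read more clearly. The new -Y text says the controls are lifted but does not point back to the keystroke-monitoring risk described in the context lines just above, so a short cross-reference there would make the trade-off visible to a reader who goes straight to -Y.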