diff options
Diffstat (limited to 'debian/README.Debian')
| -rw-r--r-- | debian/README.Debian | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index cb1444a47..4f076f898 100644 --- a/debian/README.Debian +++ b/debian/README.Debian | |||
| @@ -115,6 +115,15 @@ As of OpenSSH 3.1, the remote $DISPLAY uses localhost by default to reduce | |||
| 115 | the security risks of X11 forwarding. Look up X11UseLocalhost in | 115 | the security risks of X11 forwarding. Look up X11UseLocalhost in |
| 116 | sshd_config(8) if this is a problem. | 116 | sshd_config(8) if this is a problem. |
| 117 | 117 | ||
| 118 | OpenSSH 3.8 invented ForwardX11Trusted, which when set to no causes the | ||
| 119 | ssh client to create an untrusted X cookie so that attacks on the | ||
| 120 | forwarded X11 connection can't become attacks on X clients on the remote | ||
| 121 | machine. However, this has some problems in implementation - notably a | ||
| 122 | very short timeout of the untrusted cookie - breaks large numbers of | ||
| 123 | existing setups, and generally seems immature. The Debian package | ||
| 124 | therefore sets the default for this option to "no" (in ssh itself, | ||
| 125 | rather than in ssh_config). | ||
| 126 | |||
| 118 | Fallback to RSH | 127 | Fallback to RSH |
| 119 | --------------- | 128 | --------------- |
| 120 | 129 | ||