diff options
Diffstat (limited to 'debian/README.Debian')
-rw-r--r-- | debian/README.Debian | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index cb1444a47..4f076f898 100644 --- a/debian/README.Debian +++ b/debian/README.Debian | |||
@@ -115,6 +115,15 @@ As of OpenSSH 3.1, the remote $DISPLAY uses localhost by default to reduce | |||
115 | the security risks of X11 forwarding. Look up X11UseLocalhost in | 115 | the security risks of X11 forwarding. Look up X11UseLocalhost in |
116 | sshd_config(8) if this is a problem. | 116 | sshd_config(8) if this is a problem. |
117 | 117 | ||
118 | OpenSSH 3.8 invented ForwardX11Trusted, which when set to no causes the | ||
119 | ssh client to create an untrusted X cookie so that attacks on the | ||
120 | forwarded X11 connection can't become attacks on X clients on the remote | ||
121 | machine. However, this has some problems in implementation - notably a | ||
122 | very short timeout of the untrusted cookie - breaks large numbers of | ||
123 | existing setups, and generally seems immature. The Debian package | ||
124 | therefore sets the default for this option to "no" (in ssh itself, | ||
125 | rather than in ssh_config). | ||
126 | |||
118 | Fallback to RSH | 127 | Fallback to RSH |
119 | --------------- | 128 | --------------- |
120 | 129 | ||