diff options
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.202 2005/03/01 14:47:58 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.203 2005/03/02 02:21:07 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -831,10 +831,23 @@ Users with the ability to bypass file permissions on the remote host | |||
831 | (for the user's X authorization database) | 831 | (for the user's X authorization database) |
832 | can access the local X11 display through the forwarded connection. | 832 | can access the local X11 display through the forwarded connection. |
833 | An attacker may then be able to perform activities such as keystroke monitoring. | 833 | An attacker may then be able to perform activities such as keystroke monitoring. |
834 | .Pp | ||
835 | For this reason, X11 forwarding is subjected X11 SECURITY extension | ||
836 | restrictions by default. | ||
837 | Please refer to the | ||
838 | .Nm | ||
839 | .Fl Y | ||
840 | option and the | ||
841 | .Cm ForwardX11Trusted | ||
842 | directive in | ||
843 | .Xr ssh_config 5 | ||
844 | for more information. | ||
834 | .It Fl x | 845 | .It Fl x |
835 | Disables X11 forwarding. | 846 | Disables X11 forwarding. |
836 | .It Fl Y | 847 | .It Fl Y |
837 | Enables trusted X11 forwarding. | 848 | Enables trusted X11 forwarding. |
849 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension | ||
850 | controls. | ||
838 | .El | 851 | .El |
839 | .Sh CONFIGURATION FILES | 852 | .Sh CONFIGURATION FILES |
840 | .Nm | 853 | .Nm |