Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index da162499b..7f3c7064a 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.21 2003/10/08 15:21:24 markus Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.22 2003/10/11 08:24:08 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -306,9 +306,27 @@ The default is | |||
306 | .Pp | 306 | .Pp |
307 | X11 forwarding should be enabled with caution. | 307 | X11 forwarding should be enabled with caution. |
308 | Users with the ability to bypass file permissions on the remote host | 308 | Users with the ability to bypass file permissions on the remote host |
309 | (for the user's X authorization database) | 309 | (for the user's X11 authorization database) |
310 | can access the local X11 display through the forwarded connection. | 310 | can access the local X11 display through the forwarded connection. |
311 | An attacker may then be able to perform activities such as keystroke monitoring. | 311 | An attacker may then be able to perform activities such as keystroke monitoring |
312 | if the | ||
313 | .Cm ForwardX11Trusted | ||
314 | option is also enabled. | ||
315 | .It Cm ForwardX11Trusted | ||
316 | If the this option is set to | ||
317 | .Dq yes | ||
318 | then remote X11 clients will have full access to the original X11 display. | ||
319 | If this option is set to | ||
320 | .Dq no | ||
321 | then remote X11 clients will be considered untrusted and prevented | ||
322 | from stealing or tampering with data belonging to trusted X11 | ||
323 | clients. | ||
324 | .Pp | ||
325 | The default is | ||
326 | .Dq no . | ||
327 | .Pp | ||
328 | See the X11 SECURITY extension specification for full details on | ||
329 | the restrictions imposed on untrusted clients. | ||
312 | .It Cm GatewayPorts | 330 | .It Cm GatewayPorts |
313 | Specifies whether remote hosts are allowed to connect to local | 331 | Specifies whether remote hosts are allowed to connect to local |
314 | forwarded ports. | 332 | forwarded ports. |
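Review bot: Typo in the new ForwardX11Trusted entry at new line 316: "If the this option is set to" should read "If this option is set to", matching the wording three lines later at new line 319. Separately, the closing paragraph points readers to "the X11 SECURITY extension specification" without saying where to find it; since the whole distinction between trusted and untrusted clients rests on that document, consider naming it precisely or adding a reference so a reader can check which restrictions actually apply when the option is left at its default of "no".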