Re: Breakage in X11 over ssh tunnel

From: Jon Noack <noackjr_at_alumni.rice.edu>
Date: Thu, 04 Mar 2004 02:15:33 -0600
On 3/3/2004 4:59 PM, Kevin Oberman wrote:
>> From: naddy_at_mips.inka.de (Christian Weisgerber)
>> Date: Wed, 3 Mar 2004 02:46:33 +0000 (UTC)
>> Sender: owner-freebsd-current_at_freebsd.org
>> You can enabled trusted X11 forwarding with ssh's -Y switch or the 
>> ForwardX11Trusted configuration option.  Note that this poses a 
>> security risk if the host where the X11 client runs is under somebody 
>> else's control or has been compromised.
> 
> Thanks for the pointer, but I can't find any reference to this in either
> the documentation or in the source except that it exists in the ssh.1
> file only as an entry in a list of options that may be specified. -Y is
> not listed at all. I'd love to find out exactly what this does!

If you built and installed OpenSSH as part of your last 
build/installworld (after 3.8p1 import and *DO NOT* have "NO_OPENSSH= 
true" or "NOCRYPT= true" in /etc/make.conf), "man ssh" and "man 
ssh_config" should give you the information you're looking for (or "man 
-M/usr/share/man ssh" and "man -M/usr/share/man ssh_config" if you've 
also installed OpenSSH from ports and /usr/local/bin is listed before 
/bin and /usr/bin in your path -- see "man man" and "man manpath" for 
more info).  You may also type "/usr/bin/ssh" (with no arguments) for a 
description of ssh command line options.

Here are selected CVS diffs for 3.8p1 (ssh.c, ssh.1, ssh_config.5):
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/ssh.c.diff?r1=1.24&r2=1.25&f=h
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/ssh.1.diff?r1=1.27&r2=1.28&f=h
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/ssh_config.5.diff?r1=1.11&r2=1.12&f=h

Jon Noack
Received on Wed Mar 03 2004 - 23:15:55 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:46 UTC