From owner-freebsd-security Thu Mar 21 18:16:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by hub.freebsd.org (Postfix) with ESMTP id 6E6CB37B417 for ; Thu, 21 Mar 2002 18:16:19 -0800 (PST) Received: from vicor-nb.com (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 35F3D1B22C for ; Thu, 21 Mar 2002 18:16:19 -0800 (PST) Message-ID: <3C9A93F3.570416EA@vicor-nb.com> Date: Thu, 21 Mar 2002 18:16:19 -0800 From: Julian Elischer Organization: VICOR X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.5-STABLE i386) X-Accept-Language: en, hu MIME-Version: 1.0 To: security@freebsd.org Subject: something changed in ssh? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Until recently I used to use ssh to "machine A" to forward X11 sessions out of my office to home, however when we recently upgraded it due to the security announcements, this stopped working. "Machine A" does NOT have X11 loaded as it is a bastion host. sshd now seems to be looking for xauth. But prior to this it used to print out something about "spoofed X11 Athentication", and worked anyhopw without xauth on the machine. We do not want to load xauth onto the bastion host as it's job doesn't require it and we are trying to keep the machine easily auditable. Has something changed in sshd in this regard? I have spend several hours looking through the sources and not found any hints as to how this used to work in the past, or how to make it work now. Any leads appreciated.. Julian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message