Date: Thu, 23 Mar 2000 10:30:41 -0500 (EST) From: ktstev01@louisville.edu To: FreeBSD-gnats-submit@freebsd.org Subject: docs/17566: [PATCH] ssh(1) and sshd(8) manpage error Message-ID: <20000323153041.BAC1518605@osaka.louisville.edu>
next in thread | raw e-mail | index | archive | help
>Number: 17566 >Category: docs >Synopsis: [PATCH] ssh(1) and sshd(8) manpage error >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Thu Mar 23 07:40:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: Keith Stevenson >Release: FreeBSD 4.0-STABLE i386 >Organization: University of Louisville >Environment: FreeBSD 4.0-STABLE >Description: The man pages for ssh(1) and sshd(8) do not reflect the recent policy decision to not forward X11 connections by default. >How-To-Repeat: N/A >Fix: More enlightened persons may wish to review my wording in the patch. Index: ssh.1 =================================================================== RCS file: /opt/ncvs/src/crypto/openssh/ssh.1,v retrieving revision 1.4 diff -u -r1.4 ssh.1 --- ssh.1 2000/03/13 00:22:52 1.4 +++ ssh.1 2000/03/23 14:50:24 @@ -207,14 +207,15 @@ .Pp If the user is using X11 (the .Ev DISPLAY -environment variable is set), the connection to the X11 display is -automatically forwarded to the remote side in such a way that any X11 +environment variable is set), the connection to the X11 display can +be forwarded to the remote side in such a way that any X11 programs started from the shell (or command) will go through the encrypted channel, and the connection to the real X server will be made from the local machine. The user should not manually set .Ev DISPLAY . -Forwarding of X11 connections can be -configured on the command line or in configuration files. +Forwarding of X11 connections weakens the security of ssh and is +disabled by default. X11 forwarding can be enabled on the command line +or in configuration files. .Pp The .Ev DISPLAY Index: sshd.8 =================================================================== RCS file: /opt/ncvs/src/crypto/openssh/sshd.8,v retrieving revision 1.5 diff -u -r1.5 sshd.8 --- sshd.8 2000/03/13 00:22:52 1.5 +++ sshd.8 2000/03/23 15:22:27 @@ -480,9 +480,7 @@ The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. The default is -.Dq yes . -Note that disabling X11 forwarding does not improve security in any -way, as users can always install their own forwarders. +.Dq no . .El .Sh LOGIN PROCESS When a user successfully logs in, >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000323153041.BAC1518605>