Bugtraq mailing list archives
Re: SSH & xauth
From: robert () CYRUS WATSON ORG (Robert Watson)
Date: Mon, 28 Feb 2000 15:37:42 -0500
On Sun, 27 Feb 2000, Theo de Raadt wrote:
alias ssh="ssh -x"Earlier, bugtraq was told that all ssh versions including openssh automatically tunnel X. This is not correct. openssh has that turned off by default.
Theo,
I suspect that some clarification on your point is required, as it is
accurate only as of a recent commit to the OpenBSD CVS source repository
(Mon, 28 Feb 2000 12:52:01 -0700 (MST)). For reference, I have attached
the cvs repo commit message. Users of OpenBSD may want to update to the
latest version of these files to avoid the security risks associated with
the poor OpenSSH default setting. Of course, this applies to all other
consumers of OpenSSH who have not updated their configurations.
Date: Mon, 28 Feb 2000 12:52:01 -0700 (MST)
From: Markus Friedl <markus () cvs openbsd org>
To: source-changes () cvs openbsd org
Subject: CVS: cvs.openbsd.org: src
Reply-To: Markus Friedl <markus () cvs openbsd org>
CVSROOT: /cvs
Module name: src
Changes by: markus () cvs openbsd org 2000/02/28 12:51:59
Modified files:
usr.bin/ssh : ssh.1 ssh.c readconf.c
Log message:
turn off x11-fwd for the client, too.
Current thread:
- Re: SSH & xauth, (continued)
- Re: SSH & xauth Robert Watson (Feb 28)
- xterm log file vulnerability Morten Welinder (Feb 29)
- false alarms by real secure Danton Nunes (Feb 29)
- New ZZ Posted Simple Nomad (Feb 29)
- DOS in Trendmicro OfficeScan cerberus (Feb 26)
- Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Feb 27)
- Re: SSH & xauth Oliver Friedrichs (Feb 25)
- Re: SSH & xauth Theo de Raadt (Feb 27)
- Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Feb 28)
- Serv-U FTP-Server v2.4a showing real path Berk Ulsoy (Feb 28)
- Re: SSH & xauth Robert Watson (Feb 28)
- Re: SSH & xauth Niels Provos (Feb 28)
- Re: SSH & xauth Theo de Raadt (Feb 27)
- Re: SSH & xauth Brian (Feb 28)
- Re: SSH & xauth Robert Watson (Feb 28)