disable features

Damien Miller djm at mindrot.org
Thu Oct 25 10:32:50 EST 2001

On Wed, 24 Oct 2001, Ed Phillips wrote:

> On Wed, 24 Oct 2001, Lutz Jaenicke wrote:
> > Consider a ssh[d] that has been compiled without X11 forwarding.
> Speaking of X11Forwarding... is there any particular reason that somewhere
> between v2.9p2 and v2.9.9p2 there has been a change to the stock
> sshd_config to disable X11Forwarding?

X11Forwarding been off by default for ages (ever?). Perhaps you had a 
vendor RPM which had it enabled by default.

> Also, is there any particular reason that authentication forwarding has
> been disabled in 2.X (I'm not sure when, execpt that every since we've
> been trying out 2.X it has been disabled by default).

If you are forwarding your agent to a malicious host, they can sign 
arbitrary challenges using your keys.


| By convention there is color,       \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)

More information about the openssh-unix-dev mailing list