disable features
Damien Miller
djm at mindrot.org
Thu Oct 25 10:32:50 EST 2001
On Wed, 24 Oct 2001, Ed Phillips wrote:
> On Wed, 24 Oct 2001, Lutz Jaenicke wrote:
>
> > Consider a ssh[d] that has been compiled without X11 forwarding.
>
> Speaking of X11Forwarding... is there any particular reason that somewhere
> between v2.9p2 and v2.9.9p2 there has been a change to the stock
> sshd_config to disable X11Forwarding?
X11Forwarding been off by default for ages (ever?). Perhaps you had a
vendor RPM which had it enabled by default.
> Also, is there any particular reason that authentication forwarding has
> been disabled in 2.X (I'm not sure when, execpt that every since we've
> been trying out 2.X it has been disabled by default).
If you are forwarding your agent to a malicious host, they can sign
arbitrary challenges using your keys.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
More information about the openssh-unix-dev
mailing list