Patch to add "warn" value to ForwardX11 and ForwardAgent

Dave Dykstra dwd at
Wed Oct 31 03:20:53 EST 2001

On Mon, Oct 29, 2001 at 11:35:57PM -0500, Jim Knoble wrote:
> Circa 2001-Oct-30 12:03:29 +1100 dixit Damien Miller:
> : On Mon, 29 Oct 2001, Dave Dykstra wrote:
> : > With "warn", you can still use forwarding even though you know a server is
> : > not very well secured, and you will be notified if someone does actually
> : > break into the server and try to take over the forwarding on your session.
> : 
> : By which stage it is too late.
> : 
> : What would be nicer is some way for the client to get the user to accept
> : / reject each forwarding request.

I considered that, and maybe it should still be an option, but it has some
    1. A forward request can come at any time and it could be very awkward
	to prompt in the middle of something that the user is typing into
	such as an editor.  A pop-up window is a possibility but I think
	that's over-engineering.
    2. I think it's much more likely that people will disable a prompt than
	a warning because it's too much pain for the normal case.  Having 
	notification of a compromise is much better than nothing.

If it would help for the patch to be accepted, I will gladly add a fourth
value "ask", but I would still want the "warn" value.


Interesting, but not for the masses I don't think, particularly since it
isn't open source and the license doesn't allow use by businesses.

- Dave Dykstra

More information about the openssh-unix-dev mailing list