Patch to add "warn" value to ForwardX11 and ForwardAgent

Dave Dykstra dwd at bell-labs.com
Wed Oct 31 06:26:46 EST 2001


On Tue, Oct 30, 2001 at 05:58:21PM +0100, Markus Friedl wrote:
> i think adding some verbose() calls should be enough for all cases.

Verbose already has calls during X forwarding but it gets lost in the
noise.  Are you saying verbose should print a stronger warning?

I want something I can enable by default for all my thousand or so users,
and -v prints too much.  If I leave the default as ForwardX11=no, I expect
a lot of people will end up with much worse security because they'll set
DISPLAY and use xhost like they're used to doing without ssh, but I don't
want to enable ForwardX11=yes for everybody because of the risk of the
connections being silently circumvented.

If you still don't agree, I'll keep a private patch, no problem, but I
expect other people might want something like this too.

- Dave Dykstra



More information about the openssh-unix-dev mailing list