[14094] in bugtraq


Re: SSH & xauth

daemon@ATHENA.MIT.EDU (Robert Watson)
Wed Mar 1 00:35:42 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.NEB.3.96L.1000228153356.37011E-100000@fledge.watson.org>
Date:         Mon, 28 Feb 2000 15:37:42 -0500
Reply-To: Robert Watson <robert+sec@cyrus.watson.org>
From: Robert Watson <robert@CYRUS.WATSON.ORG>
X-To:         Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200002280301.UAA09309@cvs.openbsd.org>

On Sun, 27 Feb 2000, Theo de Raadt wrote:

> > alias ssh="ssh -x"
>
> Earlier, bugtraq was told that all ssh versions including openssh
> automatically tunnel X.
>
> This is not correct.  openssh has that turned off by default.

Theo,

I suspect that some clarification on your point is required, as it is
accurate only as of a recent commit to the OpenBSD CVS source repository
(Mon, 28 Feb 2000 12:52:01 -0700 (MST)).  For reference, I have attached
the cvs repo commit message.  Users of OpenBSD may want to update to the
latest version of these files to avoid the security risks associated with
the poor OpenSSH default setting.  Of course, this applies to all other
consumers of OpenSSH who have not updated their configurations.


Date: Mon, 28 Feb 2000 12:52:01 -0700 (MST)
From: Markus Friedl <markus@cvs.openbsd.org>
To: source-changes@cvs.openbsd.org
Subject: CVS: cvs.openbsd.org: src
Reply-To: Markus Friedl <markus@cvs.openbsd.org>

CVSROOT:        /cvs
Module name:    src
Changes by:     markus@cvs.openbsd.org  2000/02/28 12:51:59

Modified files:
        usr.bin/ssh    : ssh.1 ssh.c readconf.c

Log message:
turn off x11-fwd for the client, too.
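
Added example, not part of the original message or of OpenSSH: because the client's built-in X11-forwarding default differs between builds before and after the commit above, this sketch resolves the effective `ForwardX11` value per host from an ssh_config-style file, taking the built-in default as an input. The sample configuration, the host names and the `builtin_default` parameter are constructed for illustration.

```python
import re

# Constructed sample client configuration (not from the original post).
SAMPLE_CONFIG = """\
Host build-*.example.org
    ForwardX11 yes
Host *.example.org !legacy.example.org
    ForwardX11=no
Host *
    Compression yes
"""

def _glob(pattern, host):
    # ssh_config host patterns only know the '*' and '?' wildcards.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, host) is not None

def _block_applies(patterns, host):
    # A matching negated pattern vetoes the whole Host line.
    if any(p.startswith("!") and _glob(p[1:], host) for p in patterns):
        return False
    return any(not p.startswith("!") and _glob(p, host) for p in patterns)

def effective_forward_x11(config_text, host, builtin_default):
    """Return (enabled, source). builtin_default is the client's compiled-in
    setting (an assumption supplied by the caller). Match/Include not handled."""
    applies = True  # options before the first Host line apply to every host
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = re.match(r"([^\s=]+)\s*=?\s*(.*)$", line).groups()
        if keyword.lower() == "host":
            applies = _block_applies(value.split(), host)
        elif keyword.lower() == "forwardx11" and applies:
            # The first value obtained wins; later blocks cannot override it.
            return value.strip().lower() == "yes", f"line {lineno}"
    return builtin_default, "built-in default"

def audit(config_text, hosts, builtin_default):
    """Hosts whose X11 forwarding ends up enabled, mapped to the deciding source."""
    verdicts = {h: effective_forward_x11(config_text, h, builtin_default) for h in hosts}
    return {h: src for h, (on, src) in verdicts.items() if on}

if __name__ == "__main__":
    hosts = ["build-01.example.org", "www.example.org", "legacy.example.org"]
    for default in (True, False):
        print("built-in default", default, "->", audit(SAMPLE_CONFIG, hosts, default))
```

Hosts reported with the source "built-in default" are the ones whose exposure changes with the client build; an explicit `ForwardX11 no` under `Host *` removes that dependence.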
