From 9a6b3b7a008fc4b23a624989aee5a75b64cbeae3 Mon Sep 17 00:00:00 2001
From: djm
Date: Tue, 1 Mar 2005 10:17:31 +0000
Subject: [PATCH] - djm@cvs.openbsd.org 2005/02/28 00:54:10 [ssh_config.5] bz#849: document timeout on untrusted x11 forwarding sessions. Reported by orion AT cora.nwra.com; ok markus@
---
 ChangeLog | 4 ++++
 ssh_config.5 | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index eb9c15a3..a86dca22 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,10 @@
 [sshd.8] add /etc/motd and $HOME/.hushlogin to FILES; from michael knudsen;
+ - djm@cvs.openbsd.org 2005/02/28 00:54:10
+ [ssh_config.5]
+ bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
+ orion AT cora.nwra.com; ok markus@
 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
diff --git a/ssh_config.5 b/ssh_config.5
index 67b6ca72..8f6d851b 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.41 2005/01/28 18:14:09 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.42 2005/02/28 00:54:10 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -359,11 +359,16 @@ option is also enabled.
 If this option is set to
 .Dq yes
 then remote X11 clients will have full access to the original X11 display.
+.Pp
 If this option is set to
 .Dq no
 then remote X11 clients will be considered untrusted and prevented from stealing or tampering with data belonging to trusted X11 clients.
+Furthermore, the
+.Xr xauth 1
+token used for the session will be set to expire after 20 minutes.
+Remote clients will be refused access after this time.
 .Pp
 The default is
 .Dq no .
-- 
2.45.1