similar to: [Bug 987] "man ssh" doesn't mention 'ForwardX11Trusted'

http://bugzilla.mindrot.org/show_bug.cgi?id=987 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #3 from dtucker at zip.com.au 2006-10-07 11:38 ------- Change all RESOLVED bug to CLOSED with the exception

Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40, tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2. Symptoms: 1. When the client and server versions are unequal, the Kerberos ticket is not accepted for authentication. All the clients have PreferredAuthentications gssapi-with-mic, gssapi, others. 2.

A few options appear to be missing from the list in ssh's manual. The one I didn't add is EnableSSHKeysign, whose description implies it is only effective when placed in the system-wide config file. Index: ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.319 diff -u -p -r1.319 ssh.1 --- ssh.1 7 May 2011

https://bugzilla.mindrot.org/show_bug.cgi?id=2552 Bug ID: 2552 Summary: ssh -X and "ForwardX11Trusted no" break most applications, distros turn on "ForwardX11Trusted yes" Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity:

On 2005-01-11 at 6:36:13 Darren Tucker said: > kochera at postfinance.ch wrote: > > We upgraded from 3.7.1p2 to 3.9p1. The behaviour of the X11 forwarding > > changed significantly, it is much slower. See below the truss output > > (server side which runs 3.7.1p2) an check for the timestamp (6 seconds > > delay). Do you have any idea what may causes this behaviour?

Since packaging OpenSSH 3.8p1 for Debian, I've got a flood of bug reports and confusion about the new untrusted X client configuration. At least part of this seems to be the short (2 minutes!) timeout on the cookie, so that if you're impatient like me and open a connection to a machine that takes a little while to do the key exchange, go off and do something in another window in the

On 07/05/2015 04:51 AM, Liam O'Toole wrote: > One practical difference I have seen is the improved performance of -Y > over -X. I have long attributed that to the relaxation of security > controls in the former case. When and how did you measure that? The -Y change was introduced in Fedora Core 3, in November 2004. The default was changed to ForwardX11Trusted=yes just a month or

On Mon, 6 Jul 2015, Liam O'Toole wrote: > On 2015-07-05, Gordon Messmer > <gordon.messmer at gmail.com> wrote: >> On 07/05/2015 04:51 AM, Liam O'Toole wrote: >> >> At this point, I don't think it's even possible to set >> ForwardX11Trusted=no any more. The X SECURITY extension was replaced >> with "X Access Control Extension"

Hi, although i'm using X11Forwarding only in my local environment, i'd like to avoid setting 'ForwardX11Trusted' to 'yes'. When starting applications like 'freerdp' on the remote machine while 'ForwardX11Trusted' is _not_ set to 'yes' on the client, the characters \ = 51 = <BKSL> backslash | = 94 = <LSGT> pipe won't work. Any

Hello i have a problem on CentOS 4 with starting remote x application on remote CentOS 3 od Solaris 9 boxes. The problem is: When I run it from CentOS 3 it's OK form CentOS 4 I cannot find a bad word in logs ... My local machine stoping firewall [root at klima-pc ~]# service iptables stop [root at klima-pc ~]# iptables-save [root at klima-pc ~]# SELinux is OFF I am connecting by ssh

Hello, I know this is likely to give me a brute force attack hit, but the only thing anyone can accomplish by ssh-ing to my machine is to provide me with a tunnel into your machine. So don't bother. Anyway, my server machine is running this: /usr/bin/ssh -X -R ${port}:localhost:22 -o BatchMode=yes \ -o StrictHostKeyChecking=no ${user}@${my_home_machine} On my local machine: ssh -vvv -X

https://bugzilla.mindrot.org/show_bug.cgi?id=2031 Priority: P5 Bug ID: 2031 Assignee: unassigned-bugs at mindrot.org Summary: ssh config parser ignores host-specific overrides after wildcard. Severity: minor Classification: Unclassified OS: Linux Reporter: openssh at richardneill.org

Hi all! I've a server with Centos 4.0 without X server, but I need use mysql-administrator from other pc with X server. In the moment to export X from the server this message show me: [root at server]# mysql-administrator (mysql-administrator-bin:19124): Gtk-WARNING **: cannot open display: The /etc/ssh/sshd_config have X11Forwarding yes and the /etc/ssh/ssh_config have Host *

This change allows use of untrusted X11 forwarding (which is more secure) without requiring users to choose a finite timeout after which to refuse new connections. This matches the semantics of the X11 security extension itself, which also treat a validity timeout of 0 on an authentication cookie as indefinite. Signed-off-by: Trixie Able <table at inventati.org> --- clientloop.c | 12

Hi, the following patch to contrib/cygwin/ssh-host-config creates /etc/ssh_config and /etc/sshd_config according to the current default config files. Could somebody please check it in? Corinna Index: contrib/cygwin/ssh-host-config =================================================================== RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v retrieving revision 1.3 diff -u -p

Hi all, I'm really struggling with getting Kerberos authentication to work between a FreeBSD host and a Linux host. I'm using the latest 6- STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens (verified with "klist -f") and Kerberos and ssh are working fine in all other ways, but I can't get the Linux box to accept the Kerberos ticket as

http://bugzilla.mindrot.org/show_bug.cgi?id=1004 Summary: X11 forwarding not working with ssh3.9p1 (Error: Can't open display) Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: Miscellaneous

I found this problem when working with the Suse9.1 distribution, but have since reproduced it with a vanilla build of Openssh (openssh-3.9p1.tar.gz). Basically I cannot get a command like this: XXXX>ssh -vvv -1 -o "RhostsAuthentication yes" AAAA to work. Yes the appropriate settings are in the servers sshd_config file. Hostbased protocol 1 ssh using rhosts between computers is

On 2015-07-05, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 07/05/2015 04:51 AM, Liam O'Toole wrote: >> One practical difference I have seen is the improved performance of >> -Y over -X. I have long attributed that to the relaxation of security >> controls in the former case. > > When and how did you measure that? > > The -Y change was

I have sshd server sshd -V ... OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 ... running on linux/64 with cat sshd_config ... PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no