similar to: ForwardX11Trusted

https://bugzilla.mindrot.org/show_bug.cgi?id=2552 Bug ID: 2552 Summary: ssh -X and "ForwardX11Trusted no" break most applications, distros turn on "ForwardX11Trusted yes" Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity:

Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40, tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2. Symptoms: 1. When the client and server versions are unequal, the Kerberos ticket is not accepted for authentication. All the clients have PreferredAuthentications gssapi-with-mic, gssapi, others. 2.

http://bugzilla.mindrot.org/show_bug.cgi?id=987 Summary: "man ssh" doesn't mention 'ForwardX11Trusted' Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation AssignedTo: openssh-bugs at

This change allows use of untrusted X11 forwarding (which is more secure) without requiring users to choose a finite timeout after which to refuse new connections. This matches the semantics of the X11 security extension itself, which also treat a validity timeout of 0 on an authentication cookie as indefinite. Signed-off-by: Trixie Able <table at inventati.org> --- clientloop.c | 12

On 2005-01-11 at 6:36:13 Darren Tucker said: > kochera at postfinance.ch wrote: > > We upgraded from 3.7.1p2 to 3.9p1. The behaviour of the X11 forwarding > > changed significantly, it is much slower. See below the truss output > > (server side which runs 3.7.1p2) an check for the timestamp (6 seconds > > delay). Do you have any idea what may causes this behaviour?

http://bugzilla.mindrot.org/show_bug.cgi?id=832 Summary: X forwarding crashes on some applications Product: Portable OpenSSH Version: 3.8p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: ktaylor

Hi, although i'm using X11Forwarding only in my local environment, i'd like to avoid setting 'ForwardX11Trusted' to 'yes'. When starting applications like 'freerdp' on the remote machine while 'ForwardX11Trusted' is _not_ set to 'yes' on the client, the characters \ = 51 = <BKSL> backslash | = 94 = <LSGT> pipe won't work. Any

On 07/05/2015 04:51 AM, Liam O'Toole wrote: > One practical difference I have seen is the improved performance of -Y > over -X. I have long attributed that to the relaxation of security > controls in the former case. When and how did you measure that? The -Y change was introduced in Fedora Core 3, in November 2004. The default was changed to ForwardX11Trusted=yes just a month or

On Mon, 6 Jul 2015, Liam O'Toole wrote: > On 2015-07-05, Gordon Messmer > <gordon.messmer at gmail.com> wrote: >> On 07/05/2015 04:51 AM, Liam O'Toole wrote: >> >> At this point, I don't think it's even possible to set >> ForwardX11Trusted=no any more. The X SECURITY extension was replaced >> with "X Access Control Extension"

http://bugzilla.mindrot.org/show_bug.cgi?id=459 Summary: ssh-keygen doesn't know how to export private keys Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: openssh-unix-dev at mindrot.org

On Fri, 26 Jun 2015 at 03:16 -0000, Alexandru Chiscan wrote: > On 06/25/2015 11:51 PM, Stuart Barkley wrote: > > Then from your desktop (assuming Linux already running X) in a > > local xterm do something like: > > > > ssh -Y remote-system > > Do not use that because any user logged on the server can connect to > your X server display and snoop what you

http://bugzilla.mindrot.org/show_bug.cgi?id=803 Summary: Security Bug: X11 Forwarding is more powerful than it needs to be. Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs

X11 forwarding is not working. It has unstable behaviour, X clients often have lost connections (cannot find window). Typical example - gimp, launched from remote host. Tested latest snapshots.

Hello Stuart, On 06/25/2015 11:51 PM, Stuart Barkley wrote: > For (ssh based) X forwarding no X server needs to run on the server. > I usually install the xorg-x11-xauth (necessary) and xterm (optional) > rpms on all my servers in case X forwarding becomes necessary. > > Then from your desktop (assuming Linux already running X) in a local > xterm do something like: > >

Hi, it seems that setting ForwardX11Trusted = yes ForwardX11Timeout = 0 causes untrusted connections to be refused immediately. While this certainly makes sense this way, I believe in this case ForwardX11Timeout = 0 might be better used for disabling the timeout entirely (the current behaviour is the same as ForwardX11Trusted = no). Is there some reason while this would be a bad idea?

https://bugzilla.mindrot.org/show_bug.cgi?id=1718 Summary: Spurious messages "X11 connection rejected because of wrong authentication." Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

I am running Fedora 3 on a Dell 600. The version of OpenSSH is OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 I am connect to a Sparc Solaris 9 uname -a SunOS mycomp 5.9 Generic_117171-07 sun4u sparc SUNW,Ultra-250 I use ssh to get from Fedora to the Sparc ssh -X root at mycomp mycomp password: And I am logged in. For this example I run xterm, but it also fails with xemacs Run xterm The terminal

Has anybody else experienced weird X11 forwarding problems such as the one below: andreas at teste10:~> x3270 X Error of failed request: BadWindow (invalid Window parameter) Major opcode of failed request: 3 (X_GetWindowAttributes) Resource id in failed request: 0x404372 Serial number of failed request: 833 Current serial number in output stream: 834 or andreas at teste10:~>

A few options appear to be missing from the list in ssh's manual. The one I didn't add is EnableSSHKeysign, whose description implies it is only effective when placed in the system-wide config file. Index: ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.319 diff -u -p -r1.319 ssh.1 --- ssh.1 7 May 2011

http://bugzilla.mindrot.org/show_bug.cgi?id=987 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #3 from dtucker at zip.com.au 2006-10-07 11:38 ------- Change all RESOLVED bug to CLOSED with the exception