similar to: ForwardX11Timeout = 0 disables untrusted connections

This change allows use of untrusted X11 forwarding (which is more secure) without requiring users to choose a finite timeout after which to refuse new connections. This matches the semantics of the X11 security extension itself, which also treat a validity timeout of 0 on an authentication cookie as indefinite. Signed-off-by: Trixie Able <table at inventati.org> --- clientloop.c | 12

On Fri, 26 Jun 2015 at 03:16 -0000, Alexandru Chiscan wrote: > On 06/25/2015 11:51 PM, Stuart Barkley wrote: > > Then from your desktop (assuming Linux already running X) in a > > local xterm do something like: > > > > ssh -Y remote-system > > Do not use that because any user logged on the server can connect to > your X server display and snoop what you

https://bugzilla.mindrot.org/show_bug.cgi?id=2295 Bug ID: 2295 Summary: clarify the effect of ForwardX11Timeout=0 in ssh config Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation

A few options appear to be missing from the list in ssh's manual. The one I didn't add is EnableSSHKeysign, whose description implies it is only effective when placed in the system-wide config file. Index: ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.319 diff -u -p -r1.319 ssh.1 --- ssh.1 7 May 2011

Since packaging OpenSSH 3.8p1 for Debian, I've got a flood of bug reports and confusion about the new untrusted X client configuration. At least part of this seems to be the short (2 minutes!) timeout on the cookie, so that if you're impatient like me and open a connection to a machine that takes a little while to do the key exchange, go off and do something in another window in the

Versions: openssh-3.8p1-33, heimdal-0.6.1rc3-51, XFree86-4.3.99.902-40, tk-8.4.6-37, all from SuSE 9.1 (unhacked); back-version peers have openssh-3.5p1, XFree86-4.3.0-115, etc. from SuSE 8.2. Symptoms: 1. When the client and server versions are unequal, the Kerberos ticket is not accepted for authentication. All the clients have PreferredAuthentications gssapi-with-mic, gssapi, others. 2.

On 2005-01-11 at 6:36:13 Darren Tucker said: > kochera at postfinance.ch wrote: > > We upgraded from 3.7.1p2 to 3.9p1. The behaviour of the X11 forwarding > > changed significantly, it is much slower. See below the truss output > > (server side which runs 3.7.1p2) an check for the timestamp (6 seconds > > delay). Do you have any idea what may causes this behaviour?

https://bugzilla.mindrot.org/show_bug.cgi?id=1872 Petr Cerny [:hrosik] <pcerny at suse.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pcerny at suse.cz -- You are receiving this mail because: You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Petr Cerny [:hrosik] <pcerny at suse.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pcerny at suse.cz -- You are receiving this mail because: You are watching the assignee of the bug. You are

https://bugzilla.mindrot.org/show_bug.cgi?id=1873 Petr Cerny [:hrosik] <pcerny at suse.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pcerny at suse.cz -- You are receiving this mail because: You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2552 Bug ID: 2552 Summary: ssh -X and "ForwardX11Trusted no" break most applications, distros turn on "ForwardX11Trusted yes" Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity:

https://bugzilla.mindrot.org/show_bug.cgi?id=1785 Summary: configurable timeout for x11 cookies Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

OpenSSH 7.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

Hello, I know this is likely to give me a brute force attack hit, but the only thing anyone can accomplish by ssh-ing to my machine is to provide me with a tunnel into your machine. So don't bother. Anyway, my server machine is running this: /usr/bin/ssh -X -R ${port}:localhost:22 -o BatchMode=yes \ -o StrictHostKeyChecking=no ${user}@${my_home_machine} On my local machine: ssh -vvv -X

http://bugzilla.mindrot.org/show_bug.cgi?id=111 Summary: sshd syslogs raw untrusted data Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

OpenSSH 6.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

hi: at RHEL 7.4 we had used "map untrusted to domain = yes". so users can login with "username" instead of "sam-dom\username". after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7. now "map untrusted to domain = yes" or "map untrusted to domain = auto" are not working. can we still let user to use "usename" instead

$ ssh -v OpenSSH_5.1, OpenSSL 0.9.8j 07 Jan 2009 $ ssh -vvv -X example.com [ Relevant debug info: ] debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 [OpenSSH_5.1, OpenSSL 0.9.7j 04 May 2006] debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-TLLOFKxvay/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null Warning: untrusted X11 forwarding

2018-06-29 15:12 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>: > On Fri, 29 Jun 2018 12:56:33 +0800 > d tbsky via samba <samba at lists.samba.org> wrote: > >> hi: >> >> at RHEL 7.4 we had used "map untrusted to domain = yes". so users >> can login with "username" instead of "sam-dom\username". >>

Hi I have a question/problem about winbind and the "map untrusted to domain" (=yes) parameter. I use samba 3.6.0 on FreeBSD 8.2 with the following configuration: [global] encrypt passwords = yes map untrusted to domain = yes allow trusted domains = yes client ntlmv2 auth = yes client use spnego = yes client lanman auth = yes client plaintext auth = no winbind enum