author | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-19 14:09:46 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-19 14:09:46 +0000 |
commit | 376228af743fb142266c7f3ab84708cf7d76c67a (patch) | |
tree | 356cb5cd166df2f32759c67d6e02ab3b3e5b6e86 /usr.bin | |
parent | b18aa94eafb4dbf5d7c2dd069fb83c517a8818ff (diff) |
disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/session.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.8 | 16 |
2 files changed, 19 insertions, 4 deletions
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 8e08ea1df20..76d7cb324b6 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -33,7 +33,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.90 2001/06/19 12:34:09 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.91 2001/06/19 14:09:45 markus Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -1598,6 +1598,11 @@ session_setup_x11fwd(Session *s)
 packet_send_debug("No xauth program; cannot forward with spoofing.");
 return 0;
 }
+ if (options.use_login) {
+ packet_send_debug("X11 forwarding disabled; "
+ "not compatible with UseLogin=yes.");
+ return 0;
+ }
 if (s->display != NULL) {
 debug("X11 display already set.");
 return 0;
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index ac681e3fdde..58304ace664 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.126 2001/06/11 16:04:38 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.127 2001/06/19 14:09:45 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -788,11 +788,18 @@ The default is AUTH.
 Specifies whether
 .Xr login 1
 is used for interactive login sessions.
+The default is
+.Dq no .
 Note that
 .Xr login 1
 is never used for remote command execution.
-The default is
-.Dq no .
+Note also, that if this is enabled,
+.Cm X11Forwarding
+will be disabled because
+.Xr login 1
+does not know how to handle
+.Xr xauth 1
+cookies.
 .It Cm X11DisplayOffset
 Specifies the first display number available for
 .Nm sshd Ns 's
@@ -807,6 +814,9 @@ The default is
 .Dq no .
 Note that disabling X11 forwarding does not improve security in any way, as users can always install their own forwarders.
+X11 forwarding is automatically disabled if
+.Cm UseLogin
+is enabled.
 .It Cm XAuthLocation
 Specifies the location of the
 .Xr xauth 1 |
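Review bot: The new `options.use_login` branch in session_setup_x11fwd reports the refusal only through `packet_send_debug`, so the reason goes to the client while nothing visible in the hunk records it on the server, and the code does not say why the two options conflict. I would add a comment above the check such as `/* login(1) cannot handle xauth(1) cookies, so refuse X11 forwarding when UseLogin is set */`, which is the rationale the sshd.8 change gives. I would also add a server-side `debug("X11 forwarding disabled: UseLogin is enabled.");` next to it, in the style of the existing `debug("X11 display already set.")`, so an administrator who has both options enabled can see why forwarding never comes up. The function body starts and ends outside the hunk, so it is worth confirming that every X11 forwarding request path reaches this check; that cannot be verified from the lines shown.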