pool/openssh
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
869b2ae788
openssh/openssh-7.7p1-X11_trusted_forwarding.patch
Antonio Larrosa 45f6d17800 - Add obsoletes for openssh-server-config-rootlogin since that 
package existed for a brief period of time during SLE 15 SP6/
  Leap 15.6 development but even if it was removed from the
  repositories before GM, some users might have it in their
  systems from having tried a beta/RC release (boo#1227350).

    quoting was present in the user-supplied ssh_config(5) directive
    (bsc#1218215, CVE-2023-51385).

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=270
2024-07-05 11:34:53 +00:00

48 lines
1.7 KiB
Diff
Raw Blame History

# HG changeset patch
# Parent d25c96855fd67e997e25ec1198d953af33eb289c
# enable trusted X11 forwarding by default in both sshd and sshsystem-wide
# configuration
# bnc#50836 (was suse #35836)
Enable Trusted X11 forwarding by default, since the security benefits of
having it disabled are negligible these days with XI2 being widely used.
Index: openssh-8.8p1/ssh_config
===================================================================
--- openssh-8.8p1.orig/ssh_config
+++ openssh-8.8p1/ssh_config
@@ -17,9 +17,20 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
-# Host *
+Host *
# ForwardAgent no
# ForwardX11 no
+
+# If you do not trust your remote host (or its administrator), you
+# should not forward X11 connections to your local X11-display for
+# security reasons: Someone stealing the authentification data on the
+# remote side (the "spoofed" X-server by the remote sshd) can read your
+# keystrokes as you type, just like any other X11 client could do.
+# Set this to "no" here for global effect or in your own ~/.ssh/config
+# file if you want to have the remote X11 authentification data to
+# expire after twenty minutes after remote login.
+ ForwardX11Trusted yes
+
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
Index: openssh-8.8p1/sshd_config
===================================================================
--- openssh-8.8p1.orig/sshd_config
+++ openssh-8.8p1/sshd_config
@@ -84,7 +84,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
-#X11Forwarding no
+X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
Reference in New Issue View Git Blame Copy Permalink