From k.stevenson@louisville.edu  Thu Mar 23 07:31:04 2000
Return-Path: <k.stevenson@louisville.edu>
Received: from erouter0.it-datacntr.louisville.edu (erouter0.it-datacntr.louisville.edu [136.165.1.36])
	by hub.freebsd.org (Postfix) with ESMTP id A486F37C4C5
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 23 Mar 2000 07:31:02 -0800 (PST)
	(envelope-from k.stevenson@louisville.edu)
Received: from osaka.louisville.edu (osaka.louisville.edu [136.165.1.114])
	by erouter0.it-datacntr.louisville.edu (Postfix) with ESMTP id 16ADD25388
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 23 Mar 2000 10:30:42 -0500 (EST)
Received: by osaka.louisville.edu (Postfix, from userid 15)
	id BAC1518605; Thu, 23 Mar 2000 10:30:41 -0500 (EST)
Message-Id: <20000323153041.BAC1518605@osaka.louisville.edu>
Date: Thu, 23 Mar 2000 10:30:41 -0500 (EST)
From: ktstev01@louisville.edu
Sender: k.stevenson@louisville.edu
Reply-To: ktstev01@osaka.louisville.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] ssh(1) and sshd(8) manpage error
X-Send-Pr-Version: 3.2

>Number:         17566
>Category:       docs
>Synopsis:       [PATCH] ssh(1) and sshd(8) manpage error
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 23 07:40:01 PST 2000
>Closed-Date:    Sun Apr 30 15:35:29 PDT 2000
>Last-Modified:  Sun Apr 30 15:36:02 PDT 2000
>Originator:     Keith Stevenson
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
University of Louisville
>Environment:

	FreeBSD 4.0-STABLE

>Description:

	The man pages for ssh(1) and sshd(8) do not reflect the recent
	policy decision to not forward X11 connections by default.

>How-To-Repeat:

	N/A

>Fix:

	More enlightened persons may wish to review my wording in the
	patch.

Index: ssh.1
===================================================================
RCS file: /opt/ncvs/src/crypto/openssh/ssh.1,v
retrieving revision 1.4
diff -u -r1.4 ssh.1
--- ssh.1	2000/03/13 00:22:52	1.4
+++ ssh.1	2000/03/23 14:50:24
@@ -207,14 +207,15 @@
 .Pp
 If the user is using X11 (the
 .Ev DISPLAY
-environment variable is set), the connection to the X11 display is
-automatically forwarded to the remote side in such a way that any X11
+environment variable is set), the connection to the X11 display can
+be forwarded to the remote side in such a way that any X11
 programs started from the shell (or command) will go through the
 encrypted channel, and the connection to the real X server will be made
 from the local machine.  The user should not manually set
 .Ev DISPLAY .
-Forwarding of X11 connections can be
-configured on the command line or in configuration files.
+Forwarding of X11 connections weakens the security of ssh and is
+disabled by default.  X11 forwarding can be enabled on the command line
+or in configuration files.
 .Pp
 The
 .Ev DISPLAY
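
Review bot: the added sentence "Forwarding of X11 connections weakens the security of ssh and is disabled by default." asserts a risk without saying what it is, and the following "can be enabled on the command line or in configuration files" still does not tell the reader which option to set. Suggest one clause stating what is exposed when forwarding is on, plus a cross-reference to the option description elsewhere in this page. In the first changed sentence, "can be forwarded" would read more clearly with the condition attached, for example "can be forwarded, if enabled, to the remote side".
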
Index: sshd.8
===================================================================
RCS file: /opt/ncvs/src/crypto/openssh/sshd.8,v
retrieving revision 1.5
diff -u -r1.5 sshd.8
--- sshd.8	2000/03/13 00:22:52	1.5
+++ sshd.8	2000/03/23 15:22:27
@@ -480,9 +480,7 @@
 The default is 10.
 .It Cm X11Forwarding
 Specifies whether X11 forwarding is permitted.  The default is
-.Dq yes .
-Note that disabling X11 forwarding does not improve security in any
-way, as users can always install their own forwarders.
+.Dq no .
 .El
 .Sh LOGIN PROCESS
 When a user successfully logs in,
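
Review bot: in the X11Forwarding entry the old security note is removed with nothing in its place, so the entry now states only that the default is "no" and gives no reason. The ssh.1 text in this same patch says forwarding weakens security; a short sentence to that effect here would keep the two pages consistent. The removed caveat that "users can always install their own forwarders" is also worth keeping in reworded form, so an administrator does not read "no" as a guarantee that X11 traffic cannot be tunnelled by a logged-in user.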

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: nik 
State-Changed-When: Sun Apr 30 15:35:29 PDT 2000 
State-Changed-Why:  
Committed.  Thanks. 
>Unformatted:
