>From the FreeBSD man page: X11Forwarding Specifies whether X11 forwarding is permitted. The argument must be ``yes'' or ``no''. The default is ``yes''.
>From the NetBSD page: X11Forwarding Specifies whether X11 forwarding is permitted. The argument must be ``yes'' or ``no''. The default is ``no''. I don't mean to compare apples and oranges, nor to start a "My OS can kick your OSes butt" thread; but I am wondering about the difference. It seems the NetBSD default is safer, but I am also no security wonk. It occurred to me that the man page for FreeBSD could be incorrect; but I doubt that...it actually strikes me as a choice made to reflect a balance between options. Is the default set to no a more secure option? Or is it something that can be arguH^H^discussed at length? I do note that the man page for both OSes states that UseLogin defaults to no, and that if used, X11 forwarding is turned off. However, in the default config file for sshd, the line for UseLogin is commented out. Given this latter state of affairs, can I continue to assume that X11 forwarding is in fact _not_ enabled by default in FreeBSD? Oh, and what is the difference between the entry in the ssh_config file and the sshd_config file? Incoming vs. outbound traffic? That is, sshd_config accepts incoming X11 forwarding (that is, from a remote host, to the localhost), and ssh_config allows outbound (from the localhost to a remote host) X11 forwarding? It sure looks that way... Hmmm....now I'm thinking that this: serverargs="-nolisten tcp" in /usr/X11R6/bin/startx/ may make this a bit of a moot point....is this correct? -- The George W. Bush Five Point Economic Recovery Plan: Hunt, Kill, Eat, Hump, Shit. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"