- djm@cvs.openbsd.org 2005/02/28 00:54:10
[ssh_config.5]
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@
diff --git a/ssh_config.5 b/ssh_config.5
index 67b6ca7..8f6d851 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.41 2005/01/28 18:14:09 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.42 2005/02/28 00:54:10 djm Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@@ -359,11 +359,16 @@
If this option is set to
.Dq yes
then remote X11 clients will have full access to the original X11 display.
+.Pp
If this option is set to
.Dq no
then remote X11 clients will be considered untrusted and prevented
from stealing or tampering with data belonging to trusted X11
clients.
+Furthermore, the
+.Xr xauth 1
+token used for the session will be set to expire after 20 minutes.
+Remote clients will be refused access after this time.
.Pp
The default is
.Dq no .