swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-21 12:59:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change the default value of programs.ssh.forwardX11 to false.

Browse source 
Forwarding X11 to untrusted servers is extremely insecure; see for example
http://www.hackinglinuxexposed.com/articles/20040705.html
This commit is contained in:
James Cook 2012-10-09 23:21:45 -07:00
parent e40146de16
commit 5181ca4a3f
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/programs/ssh.nix
View file

@ -16,11 +16,13 @@ in
programs.ssh = {
forwardX11 = mkOption {
default = cfgd.forwardX11;
default = false;
description = ''
Whether to request X11 forwarding on outgoing connections by default.
This is useful for running graphical programs on the remote machine and have them display to your local X11 server.
Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two.
Warning: never enable X11 forwarding unless you are connecting to a machine you trust!
To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh.
'';
};