mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 21:09:00 +02:00
Change the default value of programs.ssh.forwardX11 to false.
Forwarding X11 to untrusted servers is extremely insecure; see for example http://www.hackinglinuxexposed.com/articles/20040705.html
This commit is contained in:
parent
e40146de16
commit
5181ca4a3f
|
@ -16,11 +16,13 @@ in
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
|
|
||||||
forwardX11 = mkOption {
|
forwardX11 = mkOption {
|
||||||
default = cfgd.forwardX11;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Whether to request X11 forwarding on outgoing connections by default.
|
Whether to request X11 forwarding on outgoing connections by default.
|
||||||
This is useful for running graphical programs on the remote machine and have them display to your local X11 server.
|
This is useful for running graphical programs on the remote machine and have them display to your local X11 server.
|
||||||
Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two.
|
Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two.
|
||||||
|
Warning: never enable X11 forwarding unless you are connecting to a machine you trust!
|
||||||
|
To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue