Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- From: Ian Smith <smithi@xxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2008 21:39:36 +1000 (EST)
On Thu, 17 Apr 2008, Peter Pentchev wrote:
On Thu, Apr 17, 2008 at 04:07:56PM +1000, Ian Smith wrote:
On Thu, 17 Apr 2008, FreeBSD Security Advisories wrote:
> IV. Workaround
>
> Disable support for IPv6 in the sshd(8) daemon by setting the option
> "AddressFamily inet" in /etc/ssh/sshd_config.
>
> Disable support for X11 forwarding in the sshd(8) daemon by setting
> the option "X11Forwarding no" in /etc/ssh/sshd_config.
It's not quite clear from this whether both workarounds are required, or
just either one, until upgrading?
Either one, depending on what you want - if your users *need* and use
X11 forwarding, then you wouldn't want to use "X11Forwarding no" :)
Basically:
- if you DO NOT use X11 forwarding, just disable it with "X11Forwarding no"
- if you use X11 forwarding *and* you DO NOT use IPv6, use the
"AddressFamily inet" line
- if you use X11 forwarding *and* you use IPv6, then you must upgrade.
Thanks for the confirmation Peter, also Jille and mouss.
cheers, Ian
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- From: Matthew Seaman
- Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- Prev by Date: Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- Next by Date: Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- Previous by thread: Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- Next by thread: Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- Index(es):
