openssh-5.9p1-sshd_config.diff

===================================================================

diff --git a/ssh_config b/ssh_config
index 03a228f..a0c0b2a 100644 (file)
--- a/ssh_config
+++ b/ssh_config
@@ -17,9 +17,20 @@
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.
 
-# Host *
+Host *
 #   ForwardAgent no
 #   ForwardX11 no
+
+# If you do not trust your remote host (or its administrator), you
+# should not forward X11 connections to your local X11-display for
+# security reasons: Someone stealing the authentification data on the
+# remote side (the "spoofed" X-server by the remote sshd) can read your
+# keystrokes as you type, just like any other X11 client could do.
+# Set this to "no" here for global effect or in your own ~/.ssh/config
+# file if you want to have the remote X11 authentification data to
+# expire after two minutes after remote login.
+ForwardX11Trusted yes
+
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes

diff --git a/sshd_config b/sshd_config
index e9045bc..e508bde 100644 (file)
--- a/sshd_config
+++ b/sshd_config
@@ -99,7 +99,7 @@ AuthorizedKeysFile    .ssh/authorized_keys
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
-#X11Forwarding no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes

diff --git a/sshlogin.c b/sshlogin.c
index e79ca9b..fad07f2 100644 (file)
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -133,6 +133,7 @@ record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
 
        li = login_alloc_entry(pid, user, host, tty);
        login_set_addr(li, addr, addrlen);
+       li->uid=uid;
        login_login(li);
        login_free_entry(li);
 }