On Wed, 17 Jun 2020 at 20:18:58 +0800, Matt Johnston wrote: >> On Tue 16/6/2020, at 9:58 am, Guilhem Moulin <guil...@fripost.org> wrote: >>> - […] x11 forwarding are now disabled by default. >> >> I have no opinion about disabling this at compile-time, however the >> current implementation locks out (“Bad public key options”) users with >> ‘no-X11-forwarding’ in their authorized_keys(5) files. > > Thanks, I'll apply that and organise a bug fix release (waiting to see > if there are an other immediate regressions).
Awesome thanks :-) > For Debian I think it might be worth keeping x11 forwarding enabled. > I disabled x11 forwarding because most embedded platforms (Dropbear's > most common usecase (?)) wouldn't have any use for it. On a general > distro it can be useful. I considered that before the upload: my gut feeling based on popcon and bug reports to the Debian BTS is that most users of the Debian package don't have X11 alongside the SSHd. I mentioned the change in the NEWS file; might reconsider if someone complains. Would rather stick to the upstream compiled-in code as the rest is less likely to be battle-tested :-P -- Guilhem.
signature.asc
Description: PGP signature