"Bad public key options"
Guilhem Moulin
guilhem at fripost.org
Wed Jun 17 22:01:04 AWST 2020
On Wed, 17 Jun 2020 at 20:18:58 +0800, Matt Johnston wrote:
>> On Tue 16/6/2020, at 9:58 am, Guilhem Moulin <guilhem at fripost.org> wrote:
>>> - […] x11 forwarding are now disabled by default.
>>
>> I have no opinion about disabling this at compile-time, however the
>> current implementation locks out (“Bad public key options”) users with
>> ‘no-X11-forwarding’ in their authorized_keys(5) files.
>
> Thanks, I'll apply that and organise a bug fix release (waiting to see
> if there are an other immediate regressions).
Awesome thanks :-)
> For Debian I think it might be worth keeping x11 forwarding enabled.
> I disabled x11 forwarding because most embedded platforms (Dropbear's
> most common usecase (?)) wouldn't have any use for it. On a general
> distro it can be useful.
I considered that before the upload: my gut feeling based on popcon and
bug reports to the Debian BTS is that most users of the Debian package
don't have X11 alongside the SSHd. I mentioned the change in the NEWS
file; might reconsider if someone complains.
Would rather stick to the upstream compiled-in code as the rest is less
likely to be battle-tested :-P
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20200617/e7b591b4/attachment.sig
More information about the Dropbear
mailing list