Fixed the documentation for programs.ssh.forwardX11 to account for the X11 SECURITY extension.

2012-11-18 11:05:18 -08:00 · 2012-11-18 11:05:18 -08:00 · 3afa5f86c1
commit 3afa5f86c1
parent 63dc873b85
1 changed files with 3 additions and 1 deletions
--- a/modules/programs/ssh.nix
+++ b/modules/programs/ssh.nix
@ -21,8 +21,10 @@ in
          Whether to request X11 forwarding on outgoing connections by default.
          This is useful for running graphical programs on the remote machine and have them display to your local X11 server.
          Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two.
-          Warning: never enable X11 forwarding unless you are connecting to a machine you trust!
+          Note: there are some security risks to forwarding an X11 connection.
+          NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks.
          To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh.
+          The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.
        '';
      };