I'd always thought this was a known misfeature of ssh; if you're using ssh for anonymous logins or the like, you have to add no-port-forwarding,no-X11-forwarding,no-agent-forwarding to the line in authorized_keys or turn that stuff off some other way. So I'm surprised to see an advisory and CAN number for this.
I've always found the documentation adequate, and we can't really get away with changing the default (although I do wish ssh defaulted to no port forwarding since day 1, it's too late now..), so I don't know what if anything the ssh maintainer can do besides closing the bug.

-- see shy jo
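An added example (not part of the original message, and not OpenSSH code): a Python audit of authorized_keys text that reports keys lacking the three forwarding restrictions named in the message. It also accepts the `restrict` option of newer OpenSSH releases, which the message does not mention; the helper names, sample keys and comments are constructed for illustration.

```python
import re

REQUIRED = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding")
KEYTYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # a line starting with a key type has no options

def parse_line(line):
    """Return (options, key_part) for one authorized_keys line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if KEYTYPE.match(line):
        return [], line
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and quoted and i + 1 < len(line):  # keep \" inside a quoted value
            cur += line[i:i + 2]; i += 2; continue
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:                   # option separator
            opts.append(cur); cur = ""; i += 1; continue
        elif c.isspace() and not quoted:                # end of the options field
            break
        cur += c; i += 1
    opts.append(cur)
    return opts, line[i:].strip()

def missing_restrictions(opts):
    """List the REQUIRED restrictions not in force; this model lets the later option win."""
    names = [o.split("=", 1)[0].lower() for o in opts]  # option names are case-insensitive
    missing = []
    for req in REQUIRED:
        enabled = True                                  # forwarding is allowed by default
        for n in names:
            if n in (req, "restrict"):
                enabled = False
            elif n == req[3:]:                          # e.g. "port-forwarding" re-enables
                enabled = True
        if enabled:
            missing.append(req)
    return missing

def audit(text):
    """Return (line number, key comment, missing restrictions) for each under-restricted key."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed and (miss := missing_restrictions(parsed[0])):
            out.append((n, parsed[1].split()[-1], miss))
    return out

SAMPLE = '''# constructed sample; key blobs are placeholders
ssh-ed25519 AAAAC3placeholder1 admin@example
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/cvs server" ssh-rsa AAAAB3placeholder2 anoncvs
command="echo a,b \\"c\\"",no-port-forwarding ssh-rsa AAAAB3placeholder3 partial
restrict,command="/usr/bin/rsync --server" ssh-ed25519 AAAAC3placeholder4 backup
restrict,port-forwarding ssh-ed25519 AAAAC3placeholder5 tunnel
'''
```

Calling `audit(SAMPLE)` flags lines 2, 4 and 6 of the constructed sample; the fully restricted anonymous key and the `restrict` key pass.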