Apply by doing:
	cd /usr/src/usr.bin/ssh
	patch -p0 < 006_sshcookie.patch

And then rebuild and install ssh:
	make obj
	make cleandir
	make depend
	make
	make install
	cp ssh_config sshd_config /etc

Index: channels.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.109
diff -u -r1.109 channels.c
--- channels.c	2001/04/17 12:55:03	1.109
+++ channels.c	2001/06/12 21:44:35
@@ -2524,10 +2524,17 @@
 /* removes the agent forwarding socket */
 
 void
-cleanup_socket(void)
+auth_sock_cleanup_proc(void *_pw)
 {
-	unlink(channel_forwarded_auth_socket_name);
-	rmdir(channel_forwarded_auth_socket_dir);
+	struct passwd *pw = _pw;
+
+	if (channel_forwarded_auth_socket_name) {
+		temporarily_use_uid(pw);
+		unlink(channel_forwarded_auth_socket_name);
+		rmdir(channel_forwarded_auth_socket_dir);
+		channel_forwarded_auth_socket_name = NULL;
+		restore_uid();
+	}
 }
 
 /*
@@ -2566,11 +2573,9 @@
 	snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d",
 		 channel_forwarded_auth_socket_dir, (int) getpid());
 
-	if (atexit(cleanup_socket) < 0) {
-		int saved = errno;
-		cleanup_socket();
-		packet_disconnect("socket: %.100s", strerror(saved));
-	}
+	/* delete agent socket on fatal() */
+	fatal_add_cleanup(auth_sock_cleanup_proc, pw);
+
 	/* Create the socket. */
 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (sock < 0)
Index: channels.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.h,v
retrieving revision 1.31
diff -u -r1.31 channels.h
--- channels.h	2001/04/13 22:46:53	1.31
+++ channels.h	2001/06/12 21:44:35
@@ -293,6 +293,8 @@
  */
 char   *auth_get_socket_name(void);
 
+void	auth_sock_cleanup_proc(void *_pw);
+
 /*
  * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
  * This starts forwarding authentication requests.
Index: session.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.74
diff -u -r1.74 session.c
--- session.c	2001/04/17 19:34:25	1.74
+++ session.c	2001/06/12 21:44:35
@@ -108,9 +108,6 @@
 extern int startup_pipe;
 extern void destroy_sensitive_data(void);
 
-/* Local Xauthority file. */
-static char *xauthfile;
-
 /* original command from peer. */
 char *original_command = NULL;
 
@@ -154,27 +151,10 @@
 		do_authenticated2(authctxt);
 	else
 		do_authenticated1(authctxt);
-}
 
-/*
- * Remove local Xauthority file.
- */
-void
-xauthfile_cleanup_proc(void *ignore)
-{
-	debug("xauthfile_cleanup_proc called");
-
-	if (xauthfile != NULL) {
-		char *p;
-		unlink(xauthfile);
-		p = strrchr(xauthfile, '/');
-		if (p != NULL) {
-			*p = '\0';
-			rmdir(xauthfile);
-		}
-		xfree(xauthfile);
-		xauthfile = NULL;
-	}
+	/* remove agent socket */
+	if (auth_get_socket_name())
+		auth_sock_cleanup_proc(authctxt->pw);
 }
 
 /*
@@ -209,7 +189,7 @@
 {
 	Session *s;
 	char *command;
-	int success, type, fd, n_bytes, plen, screen_flag, have_pty = 0;
+	int success, type, n_bytes, plen, screen_flag, have_pty = 0;
 	int compression_level = 0, enable_compression_after_reply = 0;
 	u_int proto_len, data_len, dlen;
 
@@ -330,25 +310,6 @@
 			if (s->display == NULL)
 				break;
 
-			/* Setup to always have a local .Xauthority. */
-			xauthfile = xmalloc(MAXPATHLEN);
-			strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
-			temporarily_use_uid(s->pw);
-			if (mkdtemp(xauthfile) == NULL) {
-				restore_uid();
-				error("private X11 dir: mkdtemp %s failed: %s",
-				    xauthfile, strerror(errno));
-				xfree(xauthfile);
-				xauthfile = NULL;
-				/* XXXX remove listening channels */
-				break;
-			}
-			strlcat(xauthfile, "/cookies", MAXPATHLEN);
-			fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
-			if (fd >= 0)
-				close(fd);
-			restore_uid();
-			fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
 			success = 1;
 			break;
 
@@ -402,9 +363,6 @@
 
 			if (command != NULL)
 				xfree(command);
-			/* Cleanup user's local Xauthority file. */
-			if (xauthfile)
-				xauthfile_cleanup_proc(NULL);
 			return;
 
 		default:
@@ -973,8 +931,6 @@
 	}
 #endif /* KRB4 */
 
-	if (xauthfile)
-		child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
 	if (auth_get_socket_name() != NULL)
 		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
 			      auth_get_socket_name());
@@ -1372,7 +1328,6 @@
 int
 session_x11_req(Session *s)
 {
-	int fd;
 	if (no_x11_forwarding_flag) {
 		debug("X11 forwarding disabled in user configuration file.");
 		return 0;
@@ -1381,11 +1336,6 @@
 		debug("X11 forwarding disabled in server configuration file.");
 		return 0;
 	}
-	if (xauthfile != NULL) {
-		debug("X11 fwd already started.");
-		return 0;
-	}
-
 	debug("Received request for X11 forwarding with auth spoofing.");
 	if (s->display != NULL)
 		packet_disconnect("Protocol error: X11 display already set.");
@@ -1402,26 +1352,6 @@
 		xfree(s->auth_data);
 		return 0;
 	}
-	xauthfile = xmalloc(MAXPATHLEN);
-	strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
-	temporarily_use_uid(s->pw);
-	if (mkdtemp(xauthfile) == NULL) {
-		restore_uid();
-		error("private X11 dir: mkdtemp %s failed: %s",
-		    xauthfile, strerror(errno));
-		xfree(xauthfile);
-		xauthfile = NULL;
-		xfree(s->auth_proto);
-		xfree(s->auth_data);
-		/* XXXX remove listening channels */
-		return 0;
-	}
-	strlcat(xauthfile, "/cookies", MAXPATHLEN);
-	fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
-	if (fd >= 0)
-		close(fd);
-	restore_uid();
-	fatal_add_cleanup(xauthfile_cleanup_proc, s);
 	return 1;
 }
 
@@ -1715,6 +1645,4 @@
 {
 
 	server_loop2();
-	if (xauthfile)
-		xauthfile_cleanup_proc(NULL);
 }