[ssh_config.5]
     some warning text for ForwardAgent and ForwardX11; ok markus@
Damien Miller 2002-09-04 16:40:37 +10:00
parent f7c2391d83
commit af65304a3c
2 changed files with 18 additions and 2 deletions


@ -35,6 +35,9 @@
[ssh-rsa.c] [ssh-rsa.c]
RSA_public_decrypt() returns -1 on error so len must be signed; RSA_public_decrypt() returns -1 on error so len must be signed;
ok markus@ ok markus@
- stevesk@cvs.openbsd.org 2002/08/27 17:18:40
[ssh_config.5]
some warning text for ForwardAgent and ForwardX11; ok markus@
20020820 20020820
- OpenBSD CVS Sync - OpenBSD CVS Sync
@ -1576,4 +1579,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2436 2002/09/04 06:39:48 djm Exp $ $Id: ChangeLog,v 1.2437 2002/09/04 06:40:37 djm Exp $


@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh_config.5,v 1.2 2002/08/17 23:55:01 stevesk Exp $ .\" $OpenBSD: ssh_config.5,v 1.3 2002/08/27 17:18:40 stevesk Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSH_CONFIG 5 .Dt SSH_CONFIG 5
.Os .Os
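Review bot: The .Dd line in this hunk still reads "September 25, 1999" while the $OpenBSD$ tag moves to revision 1.3 dated 2002/08/27, so the rendered page will show a document date that predates the new warning text. If the project treats .Dd as the last-modified date, update it in the same change; if it is meant to stay fixed, no action is needed.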
@ -258,6 +258,13 @@ or
.Dq no . .Dq no .
The default is The default is
.Dq no . .Dq no .
.Pp
Agent forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the agent's
Unix-domain socket) can access the local agent through the forwarded
connection. An attacker cannot obtain key material from the agent,
however they can perform operations on the keys that enable them to
authenticate using the identities loaded into the agent.
.It Cm ForwardX11 .It Cm ForwardX11
Specifies whether X11 connections will be automatically redirected Specifies whether X11 connections will be automatically redirected
over the secure channel and over the secure channel and
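Review bot: In the added ForwardAgent paragraph, "Users with the ability to bypass file permissions on the remote host" never names the most common case, so a reader may not realise it includes the remote superuser; consider naming root explicitly as an example. Two smaller points in the same paragraph: "however they can perform operations" is a comma splice and reads better as a new sentence ("However, they can ..."), and mdoc source conventionally starts each sentence on its own line so the formatter handles sentence spacing, whereas here "caution. Users" and "connection. An attacker" break mid-line.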
@ -269,6 +276,12 @@ or
.Dq no . .Dq no .
The default is The default is
.Dq no . .Dq no .
.Pp
X11 forwarding should be enabled with caution. Users with the ability
to bypass file permissions on the remote host (for the user's X
authorization database) can access the local X11 display through the
forwarded connection. An attacker may then be able to perform
activities such as keystroke monitoring.
.It Cm GatewayPorts .It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to local Specifies whether remote hosts are allowed to connect to local
forwarded ports. forwarded ports.
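Review bot: The added ForwardX11 paragraph states the risk ("An attacker may then be able to perform activities such as keystroke monitoring") but gives the reader nothing to act on beyond "enabled with caution". Since the surrounding context shows the default is "no", a closing sentence recommending that the option be turned on only for hosts the user trusts, rather than globally, would make the warning actionable. The wording is otherwise parallel to the ForwardAgent paragraph, which is good; keeping the two in the same shape will help if either is revised later.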