tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- stevesk@cvs.openbsd.org 2002/09/11 17:55:03 

[ssh.1]
     add agent and X11 forwarding warning text from ssh_config.5; ok markus@
This commit is contained in:
Damien Miller 2002-09-12 09:52:03 +10:00
parent 538f1819d8
commit b5fdfaae13
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -15,6 +15,9 @@
[ssh-agent.c]
check the euid of the connecting process with getpeereid(2);
ok provos deraadt stevesk
- stevesk@cvs.openbsd.org 2002/09/11 17:55:03
[ssh.1]
add agent and X11 forwarding warning text from ssh_config.5; ok markus@
20020911
- (djm) Sync openbsd-compat with OpenBSD -current
@ -1635,4 +1638,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2455 2002/09/11 23:51:10 djm Exp $
$Id: ChangeLog,v 1.2456 2002/09/11 23:52:03 djm Exp $

15
ssh.1
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.164 2002/08/29 16:02:54 stevesk Exp $
.\" $OpenBSD: ssh.1,v 1.165 2002/09/11 17:55:03 stevesk Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@ -402,6 +402,13 @@ Disables forwarding of the authentication agent connection.
.It Fl A
Enables forwarding of the authentication agent connection.
This can also be specified on a per-host basis in a configuration file.
.Pp
Agent forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the agent's
Unix-domain socket) can access the local agent through the forwarded
connection. An attacker cannot obtain key material from the agent,
however they can perform operations on the keys that enable them to
authenticate using the identities loaded into the agent.
.It Fl b Ar bind_address
Specify the interface to transmit from on machines with multiple
interfaces or aliased addresses.
@ -558,6 +565,12 @@ Disables X11 forwarding.
.It Fl X
Enables X11 forwarding.
This can also be specified on a per-host basis in a configuration file.
.Pp
X11 forwarding should be enabled with caution. Users with the ability
to bypass file permissions on the remote host (for the user's X
authorization database) can access the local X11 display through the
forwarded connection. An attacker may then be able to perform
activities such as keystroke monitoring.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
data for forwarded X11 and TCP/IP connections).