diff options
| author | Damien Miller <djm@mindrot.org> | 2002-09-04 16:40:37 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-09-04 16:40:37 +1000 |
| commit | af65304a3c99a9a68d507ce0aefd2e7983eb396b (patch) | |
| tree | 07b8ea7b91851dba01e5d50a6f5472ae9b13c9d9 | |
| parent | f7c2391d83ba859a4581c3ce52804e6f61fd6adb (diff) | |
- stevesk@cvs.openbsd.org 2002/08/27 17:18:40
[ssh_config.5]
some warning text for ForwardAgent and ForwardX11; ok markus@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | ssh_config.5 | 15 |
2 files changed, 18 insertions, 2 deletions
| @@ -35,6 +35,9 @@ | |||
| 35 | [ssh-rsa.c] | 35 | [ssh-rsa.c] |
| 36 | RSA_public_decrypt() returns -1 on error so len must be signed; | 36 | RSA_public_decrypt() returns -1 on error so len must be signed; |
| 37 | ok markus@ | 37 | ok markus@ |
| 38 | - stevesk@cvs.openbsd.org 2002/08/27 17:18:40 | ||
| 39 | [ssh_config.5] | ||
| 40 | some warning text for ForwardAgent and ForwardX11; ok markus@ | ||
| 38 | 41 | ||
| 39 | 20020820 | 42 | 20020820 |
| 40 | - OpenBSD CVS Sync | 43 | - OpenBSD CVS Sync |
| @@ -1576,4 +1579,4 @@ | |||
| 1576 | - (stevesk) entropy.c: typo in debug message | 1579 | - (stevesk) entropy.c: typo in debug message |
| 1577 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1580 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 1578 | 1581 | ||
| 1579 | $Id: ChangeLog,v 1.2436 2002/09/04 06:39:48 djm Exp $ | 1582 | $Id: ChangeLog,v 1.2437 2002/09/04 06:40:37 djm Exp $ |
diff --git a/ssh_config.5 b/ssh_config.5 index 857cc9640..82eda0a18 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: ssh_config.5,v 1.2 2002/08/17 23:55:01 stevesk Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.3 2002/08/27 17:18:40 stevesk Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| @@ -258,6 +258,13 @@ or | |||
| 258 | .Dq no . | 258 | .Dq no . |
| 259 | The default is | 259 | The default is |
| 260 | .Dq no . | 260 | .Dq no . |
| 261 | .Pp | ||
| 262 | Agent forwarding should be enabled with caution. Users with the | ||
| 263 | ability to bypass file permissions on the remote host (for the agent's | ||
| 264 | Unix-domain socket) can access the local agent through the forwarded | ||
| 265 | connection. An attacker cannot obtain key material from the agent, | ||
| 266 | however they can perform operations on the keys that enable them to | ||
| 267 | authenticate using the identities loaded into the agent. | ||
| 261 | .It Cm ForwardX11 | 268 | .It Cm ForwardX11 |
| 262 | Specifies whether X11 connections will be automatically redirected | 269 | Specifies whether X11 connections will be automatically redirected |
| 263 | over the secure channel and | 270 | over the secure channel and |
| @@ -269,6 +276,12 @@ or | |||
| 269 | .Dq no . | 276 | .Dq no . |
| 270 | The default is | 277 | The default is |
| 271 | .Dq no . | 278 | .Dq no . |
| 279 | .Pp | ||
| 280 | X11 forwarding should be enabled with caution. Users with the ability | ||
| 281 | to bypass file permissions on the remote host (for the user's X | ||
| 282 | authorization database) can access the local X11 display through the | ||
| 283 | forwarded connection. An attacker may then be able to perform | ||
| 284 | activities such as keystroke monitoring. | ||
| 272 | .It Cm GatewayPorts | 285 | .It Cm GatewayPorts |
| 273 | Specifies whether remote hosts are allowed to connect to local | 286 | Specifies whether remote hosts are allowed to connect to local |
| 274 | forwarded ports. | 287 | forwarded ports. |