- stevesk@cvs.openbsd.org 2001/11/19 18:40:46

[ssh-agent.1] clarify/state that private keys are not exposed to clients using the agent; ok markus@
author: Ben Lindstrom <mouring@eviladmin.org> 2001-12-06 16:37:51 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-12-06 16:37:51 +0000
commit: 11f790bbb1fb286006aa04e78fb9965110a4af90 (patch)
tree: bad82880286e56fd5411225e435ff2a496952633 /ssh-agent.1
parent: d84df989db48f76be16c34f7795e6788ee7841bc (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1
index 00c19921c..2b9f3d97c 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.29 2001/11/19 18:40:46 stevesk Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -127,6 +127,11 @@ Later
 .Xr ssh 1
 looks at these variables and uses them to establish a connection to the agent.
 .Pp
+The agent will never send a private key over its request channel.
+Instead, operations that require a private key will be performed
+by the agent, and the result will be returned to the requester.
+This way, private keys are not exposed to clients using the agent.
+.Pp
 A unix-domain socket is created
 .Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
 and the name of this socket is stored in the
author	Ben Lindstrom <mouring@eviladmin.org>	2001-12-06 16:37:51 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-12-06 16:37:51 +0000
commit	11f790bbb1fb286006aa04e78fb9965110a4af90 (patch)
tree	bad82880286e56fd5411225e435ff2a496952633 /ssh-agent.1
parent	d84df989db48f76be16c34f7795e6788ee7841bc (diff)

diff --git a/ssh-agent.1 b/ssh-agent.1 index 00c19921c..2b9f3d97c 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $	1	.\" $OpenBSD: ssh-agent.1,v 1.29 2001/11/19 18:40:46 stevesk Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -127,6 +127,11 @@ Later
127	.Xr ssh 1	127	.Xr ssh 1
128	looks at these variables and uses them to establish a connection to the agent.	128	looks at these variables and uses them to establish a connection to the agent.
129	.Pp	129	.Pp
		130	The agent will never send a private key over its request channel.
		131	Instead, operations that require a private key will be performed
		132	by the agent, and the result will be returned to the requester.
		133	This way, private keys are not exposed to clients using the agent.
		134	.Pp
130	A unix-domain socket is created	135	A unix-domain socket is created
131	.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,	136	.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
132	and the name of this socket is stored in the	137	and the name of this socket is stored in the