diff options
author | jmc@openbsd.org <jmc@openbsd.org> | 2019-11-28 12:24:31 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-29 11:17:39 +1100 |
commit | d39a865b7af93a7a9b5a64cf7cf0ef4396c80ba3 (patch) | |
tree | 2ad35f25f204e42191dde176dd3a6d3efa2af6ce /ssh.1 | |
parent | 9a0e01bd0c61f553ead96b5af84abd73865847b8 (diff) |
upstream: improve the text for -A a little; input from naddy and
djm
OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.406 2019/11/18 23:16:49 naddy Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.407 2019/11/28 12:24:31 jmc Exp $ |
37 | .Dd $Mdocdate: November 18 2019 $ | 37 | .Dd $Mdocdate: November 28 2019 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -110,7 +110,8 @@ Forces | |||
110 | to use IPv6 addresses only. | 110 | to use IPv6 addresses only. |
111 | .Pp | 111 | .Pp |
112 | .It Fl A | 112 | .It Fl A |
113 | Enables forwarding of the authentication agent connection. | 113 | Enables forwarding of connections from an authentication agent such as |
114 | .Xr ssh-agent 1 . | ||
114 | This can also be specified on a per-host basis in a configuration file. | 115 | This can also be specified on a per-host basis in a configuration file. |
115 | .Pp | 116 | .Pp |
116 | Agent forwarding should be enabled with caution. | 117 | Agent forwarding should be enabled with caution. |
@@ -121,6 +122,9 @@ socket) can access the local agent through the forwarded connection. | |||
121 | An attacker cannot obtain key material from the agent, | 122 | An attacker cannot obtain key material from the agent, |
122 | however they can perform operations on the keys that enable them to | 123 | however they can perform operations on the keys that enable them to |
123 | authenticate using the identities loaded into the agent. | 124 | authenticate using the identities loaded into the agent. |
125 | A safer alternative may be to use a jump host | ||
126 | (see | ||
127 | .Fl J ) . | ||
124 | .Pp | 128 | .Pp |
125 | .It Fl a | 129 | .It Fl a |
126 | Disables forwarding of the authentication agent connection. | 130 | Disables forwarding of the authentication agent connection. |