summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
authorjmc@openbsd.org <jmc@openbsd.org>2019-11-28 12:24:31 +0000
committerDamien Miller <djm@mindrot.org>2019-11-29 11:17:39 +1100
commitd39a865b7af93a7a9b5a64cf7cf0ef4396c80ba3 (patch)
tree2ad35f25f204e42191dde176dd3a6d3efa2af6ce /ssh.1
parent9a0e01bd0c61f553ead96b5af84abd73865847b8 (diff)
upstream: improve the text for -A a little; input from naddy and
djm OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.110
1 files changed, 7 insertions, 3 deletions
diff --git a/ssh.1 b/ssh.1
index 1ce0864c7..b96298ebd 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh.1,v 1.406 2019/11/18 23:16:49 naddy Exp $ 36.\" $OpenBSD: ssh.1,v 1.407 2019/11/28 12:24:31 jmc Exp $
37.Dd $Mdocdate: November 18 2019 $ 37.Dd $Mdocdate: November 28 2019 $
38.Dt SSH 1 38.Dt SSH 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -110,7 +110,8 @@ Forces
110to use IPv6 addresses only. 110to use IPv6 addresses only.
111.Pp 111.Pp
112.It Fl A 112.It Fl A
113Enables forwarding of the authentication agent connection. 113Enables forwarding of connections from an authentication agent such as
114.Xr ssh-agent 1 .
114This can also be specified on a per-host basis in a configuration file. 115This can also be specified on a per-host basis in a configuration file.
115.Pp 116.Pp
116Agent forwarding should be enabled with caution. 117Agent forwarding should be enabled with caution.
@@ -121,6 +122,9 @@ socket) can access the local agent through the forwarded connection.
121An attacker cannot obtain key material from the agent, 122An attacker cannot obtain key material from the agent,
122however they can perform operations on the keys that enable them to 123however they can perform operations on the keys that enable them to
123authenticate using the identities loaded into the agent. 124authenticate using the identities loaded into the agent.
125A safer alternative may be to use a jump host
126(see
127.Fl J ) .
124.Pp 128.Pp
125.It Fl a 129.It Fl a
126Disables forwarding of the authentication agent connection. 130Disables forwarding of the authentication agent connection.