diff options
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.164 2002/08/29 16:02:54 stevesk Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.165 2002/09/11 17:55:03 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -402,6 +402,13 @@ Disables forwarding of the authentication agent connection. | |||
402 | .It Fl A | 402 | .It Fl A |
403 | Enables forwarding of the authentication agent connection. | 403 | Enables forwarding of the authentication agent connection. |
404 | This can also be specified on a per-host basis in a configuration file. | 404 | This can also be specified on a per-host basis in a configuration file. |
405 | .Pp | ||
406 | Agent forwarding should be enabled with caution. Users with the | ||
407 | ability to bypass file permissions on the remote host (for the agent's | ||
408 | Unix-domain socket) can access the local agent through the forwarded | ||
409 | connection. An attacker cannot obtain key material from the agent, | ||
410 | however they can perform operations on the keys that enable them to | ||
411 | authenticate using the identities loaded into the agent. | ||
405 | .It Fl b Ar bind_address | 412 | .It Fl b Ar bind_address |
406 | Specify the interface to transmit from on machines with multiple | 413 | Specify the interface to transmit from on machines with multiple |
407 | interfaces or aliased addresses. | 414 | interfaces or aliased addresses. |
@@ -558,6 +565,12 @@ Disables X11 forwarding. | |||
558 | .It Fl X | 565 | .It Fl X |
559 | Enables X11 forwarding. | 566 | Enables X11 forwarding. |
560 | This can also be specified on a per-host basis in a configuration file. | 567 | This can also be specified on a per-host basis in a configuration file. |
568 | .Pp | ||
569 | X11 forwarding should be enabled with caution. Users with the ability | ||
570 | to bypass file permissions on the remote host (for the user's X | ||
571 | authorization database) can access the local X11 display through the | ||
572 | forwarded connection. An attacker may then be able to perform | ||
573 | activities such as keystroke monitoring. | ||
561 | .It Fl C | 574 | .It Fl C |
562 | Requests compression of all data (including stdin, stdout, stderr, and | 575 | Requests compression of all data (including stdin, stdout, stderr, and |
563 | data for forwarded X11 and TCP/IP connections). | 576 | data for forwarded X11 and TCP/IP connections). |