summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.515
1 files changed, 14 insertions, 1 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 857cc9640..82eda0a18 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.2 2002/08/17 23:55:01 stevesk Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.3 2002/08/27 17:18:40 stevesk Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -258,6 +258,13 @@ or
258.Dq no . 258.Dq no .
259The default is 259The default is
260.Dq no . 260.Dq no .
261.Pp
262Agent forwarding should be enabled with caution. Users with the
263ability to bypass file permissions on the remote host (for the agent's
264Unix-domain socket) can access the local agent through the forwarded
265connection. An attacker cannot obtain key material from the agent,
266however they can perform operations on the keys that enable them to
267authenticate using the identities loaded into the agent.
261.It Cm ForwardX11 268.It Cm ForwardX11
262Specifies whether X11 connections will be automatically redirected 269Specifies whether X11 connections will be automatically redirected
263over the secure channel and 270over the secure channel and
@@ -269,6 +276,12 @@ or
269.Dq no . 276.Dq no .
270The default is 277The default is
271.Dq no . 278.Dq no .
279.Pp
280X11 forwarding should be enabled with caution. Users with the ability
281to bypass file permissions on the remote host (for the user's X
282authorization database) can access the local X11 display through the
283forwarded connection. An attacker may then be able to perform
284activities such as keystroke monitoring.
272.It Cm GatewayPorts 285.It Cm GatewayPorts
273Specifies whether remote hosts are allowed to connect to local 286Specifies whether remote hosts are allowed to connect to local
274forwarded ports. 287forwarded ports.