From e9890193032b4bba7afa40d4fc003bbf629afba2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 19 May 2008 14:59:02 +1000 Subject: - jmc@cvs.openbsd.org 2008/05/07 08:00:14 [sshd_config.5] sort; --- ChangeLog | 5 ++++- sshd_config.5 | 22 +++++++++++----------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 01274c697..4ac32e57f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,9 @@ - pyr@cvs.openbsd.org 2008/05/07 06:43:35 [sshd_config] push the sshd_config bits in, spotted by ajacoutot@ + - jmc@cvs.openbsd.org 2008/05/07 08:00:14 + [sshd_config.5] + sort; 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- @@ -3915,4 +3918,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4917 2008/05/19 04:58:22 djm Exp $ +$Id: ChangeLog,v 1.4918 2008/05/19 04:59:02 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index b93c801e3..99b5621e7 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.88 2008/05/07 05:49:37 pyr Exp $ -.Dd $Mdocdate: May 7 2008 $ +.\" $OpenBSD: sshd_config.5,v 1.89 2008/05/07 08:00:14 jmc Exp $ +.Dd $Mdocdate: May 19 2008 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -95,6 +95,15 @@ Valid arguments are (use IPv6 only). The default is .Dq any . +.It Cm AllowAgentForwarding +Specifies whether +.Xr ssh-agent 1 +forwarding is permitted. +The default is +.Dq yes . +Note that disabling agent forwarding does not improve security +unless users are also denied shell access, as they can always install +their own forwarders. .It Cm AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. @@ -114,15 +123,6 @@ See in .Xr ssh_config 5 for more information on patterns. -.It Cm AllowAgentForwarding -Specifies whether -.Xr ssh-agent 1 -forwarding is permitted. -The default is -.Dq yes . -Note that disabling Agent forwarding does not improve security -unless users are also denied shell access, as they can always install -their own forwarders. .It Cm AllowTcpForwarding Specifies whether TCP forwarding is permitted. The default is -- cgit v1.2.3