diff options
| author | Damien Miller <djm@mindrot.org> | 2008-05-19 06:57:41 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2008-05-19 06:57:41 +0200 |
| commit | 4f755cdc05f5c6dee7cb1894f8d3bcaee33443d0 (patch) | |
| tree | 73c05a3429a9d63d32b373fd3bd92900d43883da /sshd_config.5 | |
| parent | - djm@cvs.openbsd.org 2008/04/30 10:14:03 (diff) | |
| download | openssh-4f755cdc05f5c6dee7cb1894f8d3bcaee33443d0.tar.xz openssh-4f755cdc05f5c6dee7cb1894f8d3bcaee33443d0.zip | |
- pyr@cvs.openbsd.org 2008/05/07 05:49:37
[servconf.c servconf.h session.c sshd_config.5]
Enable the AllowAgentForwarding option in sshd_config (global and match
context), to specify if agents should be permitted on the server.
As the man page states:
``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''
ok djm@, ok and a mild frown markus@
Diffstat (limited to '')
| -rw-r--r-- | sshd_config.5 | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 6edaa9260..b93c801e3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.87 2008/04/05 02:46:02 djm Exp $ -.Dd $Mdocdate: April 5 2008 $ +.\" $OpenBSD: sshd_config.5,v 1.88 2008/05/07 05:49:37 pyr Exp $ +.Dd $Mdocdate: May 7 2008 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -114,6 +114,15 @@ See in .Xr ssh_config 5 for more information on patterns. +.It Cm AllowAgentForwarding +Specifies whether +.Xr ssh-agent 1 +forwarding is permitted. +The default is +.Dq yes . +Note that disabling Agent forwarding does not improve security +unless users are also denied shell access, as they can always install +their own forwarders. .It Cm AllowTcpForwarding Specifies whether TCP forwarding is permitted. The default is |