[Bug 3412] New: ssh_config(5): more clearly describe PubkeyAuthentication values

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Mar 23 10:24:07 AEDT 2022


            Bug ID: 3412
           Summary: ssh_config(5): more clearly describe
                    PubkeyAuthentication values
           Product: Portable OpenSSH
           Version: 8.9p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: calestyo at scientia.org


Would it be possible to describe the values for PubkeyAuthentication
more clearly?

"yes" and "no" are probably clear, simply enabling/disabling *any*

But for "unbound" and "host-bound" it merely says:
"The final two options enable public key authentication while
respectively disabling or enabling the OpenSSH host-bound
authentication protocol extension required for restricted ssh-agent(1)

Okay... so they both enable PubkeyAuthentication... but "unbound"
disables the ssh-agent extension, while "host-bound" enables them?

Shouldn't that mean that one of them ("unbound"?) is synonymous to

And which of them would be the more restricted options? Since that
ssh-agent extension, AFAIU, can only restrict (further), then
"host-bound" should be the safest choice?


You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list