[Bug 3412] New: ssh_config(5): more clearly describe PubkeyAuthentication values

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Mar 23 10:24:07 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3412

            Bug ID: 3412
           Summary: ssh_config(5): more clearly describe
                    PubkeyAuthentication values
           Product: Portable OpenSSH
           Version: 8.9p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: calestyo at scientia.org

Hey.

Would it be possible to describe the values for PubkeyAuthentication
more clearly?

"yes" and "no" are probably clear, simply enabling/disabling *any*
PubkeyAuthentication.

But for "unbound" and "host-bound" it merely says:
"The final two options enable public key authentication while
respectively disabling or enabling the OpenSSH host-bound
authentication protocol extension required for restricted ssh-agent(1)
forwarding."

Okay... so they both enable PubkeyAuthentication... but "unbound"
disables the ssh-agent extension, while "host-bound" enables them?

Shouldn't that mean that one of them ("unbound"?) is synonymous to
"yes"?

And which of them would be the more restricted options? Since that
ssh-agent extension, AFAIU, can only restrict (further), then
"host-bound" should be the safest choice?

Thanks,
Chris.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list