[openssh-commits] [openssh] 02/04: upstream: improve the text for -A a little; input from naddy and

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Nov 29 11:19:56 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d39a865b7af93a7a9b5a64cf7cf0ef4396c80ba3
Author: jmc at openbsd.org <jmc at openbsd.org>
Date:   Thu Nov 28 12:24:31 2019 +0000

    upstream: improve the text for -A a little; input from naddy and
    
    djm
    
    OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d
---
 ssh.1 | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ssh.1 b/ssh.1
index 1ce0864c..b96298eb 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.406 2019/11/18 23:16:49 naddy Exp $
-.Dd $Mdocdate: November 18 2019 $
+.\" $OpenBSD: ssh.1,v 1.407 2019/11/28 12:24:31 jmc Exp $
+.Dd $Mdocdate: November 28 2019 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -110,7 +110,8 @@ Forces
 to use IPv6 addresses only.
 .Pp
 .It Fl A
-Enables forwarding of the authentication agent connection.
+Enables forwarding of connections from an authentication agent such as
+.Xr ssh-agent 1 .
 This can also be specified on a per-host basis in a configuration file.
 .Pp
 Agent forwarding should be enabled with caution.
@@ -121,6 +122,9 @@ socket) can access the local agent through the forwarded connection.
 An attacker cannot obtain key material from the agent,
 however they can perform operations on the keys that enable them to
 authenticate using the identities loaded into the agent.
+A safer alternative may be to use a jump host
+(see
+.Fl J ) .
 .Pp
 .It Fl a
 Disables forwarding of the authentication agent connection.

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list