global no-agent-forwarding
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 25 05:20:34 EST 2009
On 03/24/2009 12:33 PM, Jan Schaumann wrote:
> Hi,
>
> I can disable agent-forwarding for any given key by prefixing it with
> "no-agent-forwarding", but it seems there's no global sshd_config
> setting for this (ie no "AgentForwarding [yes|no]"). Is this on
> purpose? If so, what's the rationale?
sshd_config(5) shows:
AllowAgentForwarding
Specifies whether ssh-agent(1) forwarding is permitted. The
default is “yes”. Note that disabling agent forwarding does not
improve security unless users are also denied shell access, as
they can always install their own forwarders.
hth,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20090324/38826200/attachment.bin
More information about the openssh-unix-dev
mailing list