[PATCH] 'ssh -A' / 'ssh-add -c' crossref

Hello,

The documentation of 'ssh -A' does not mention that the risks can be somewhat
mitigated by using the '-c' option of 'ssh-add'.  In my experience, people are
unaware of the '-c' option, so I suggest pointing to it from the documentation
of '-A':

Index: ssh.1
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.1,v
retrieving revision 1.345
diff -u -r1.345 ssh.1
--- ssh.1	19 Apr 2014 18:42:19 -0000	1.345
+++ ssh.1	2 May 2014 20:14:18 -0000
@@ -121,6 +121,11 @@
 An attacker cannot obtain key material from the agent,
 however they can perform operations on the keys that enable them to
 authenticate using the identities loaded into the agent.
+Using the
+.Fl c
+flag of
+.Xr ssh-add 1 
+can reduce (but not eliminate) the risk.
 .It Fl a
 Disables forwarding of the authentication agent connection.
 .It Fl b Ar bind_address
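
Review bot: The added sentence ending "can reduce (but not eliminate) the risk." does not say what the flag changes, so a reader of ssh(1) has to open ssh-add(1) to learn that -c makes the agent ask for confirmation before an identity is used. A short clause to that effect would also make plain why the risk remains: keys added without -c are still usable through the forwarded agent, and a confirmation prompt only helps if the user declines requests they did not initiate. Separately, the added line ".Xr ssh-add 1 " ends in a trailing space, which mandoc's lint mode warns about; drop it.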

I'm not married to the specific text in the patch; I'd just like the
documentation of -A to contain a crossref to -c.

Cheers,

Daniel
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



