On Wed, 21 Dec 2016, ilf wrote:

> Thanks for OpenSSH 7.4!
>
> Damien Miller:
> > * sshd(8): Add a sshd_config DisableForwaring option that disables X11,
> >   agent, TCP, tunnel and Unix domain socket forwarding, as well as anything
> >   else we might implement in the future. Like the 'restrict' authorized_keys
> >   flag, this is intended to be a simple and future-proof way of restricting
> >   an account.
>
> Nice. But I cannot find this mentioned in man sshd_config.5?

It's there:

[djm@haru openssh]$ grep -A5 DisableForwarding sshd_config.5
.It Cm DisableForwarding
Disables all forwarding features, including X11,
.Xr ssh-agent 1 ,
TCP and StreamLocal.
This option overrides all other forwarding-related options and may
simplify restricted configurations.

> While ssh_config.5 says:
>
> > Specifies whether to use compression. The argument must be yes or no (the
> > default).
>
> 1. Why does ssh_config.5 not say that this is post-authentication-compression?

Because the client supports both, preferring delayed compression if
possible.

> 2. Why is the default "yes" in sshd_config.5 and "no" in ssh_config.5?

In the SSH protocol, the client chooses connection options (cipher,
compression, etc) from the sets of options that the server offers, so
the option in sshd_config makes compression available for the client
to use, and the option in the client says to use it if available.

-d
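
The negotiation described in the reply above, as an added example that is not part of the original message and not OpenSSH's own code. The selection rule is the one in RFC 4253 section 7.1; the name-lists and the function names are assumptions constructed to mirror the behaviour described in the thread.

```python
# Added illustration. The name-lists are constructed assumptions modelled on
# the thread, not values copied from OpenSSH source.

# What sshd advertises for each sshd_config "Compression" setting (assumed).
SERVER_OFFER = {
    "yes": ["none", "zlib@openssh.com"],  # delayed compression made available
    "no": ["none"],                       # nothing for the client to pick
}

# What ssh proposes, in preference order, for each ssh_config setting (assumed).
CLIENT_PREFERENCE = {
    "no": ["none", "zlib@openssh.com", "zlib"],   # default: prefer no compression
    "yes": ["zlib@openssh.com", "zlib", "none"],  # delayed first, then pre-auth
}


def negotiate(client_list, server_list):
    """RFC 4253 7.1: pick the first name on the client's list that the
    server also lists. The server's ordering is irrelevant."""
    for name in client_list:
        if name in server_list:
            return name
    raise ValueError("no common compression algorithm")


def effective_compression(client_setting, server_setting):
    """Algorithm actually used for a given pair of Compression settings."""
    return negotiate(CLIENT_PREFERENCE[client_setting],
                     SERVER_OFFER[server_setting])


def audit_matrix():
    """All four client/server combinations, for reviewing a deployment."""
    return {(c, s): effective_compression(c, s)
            for c in ("no", "yes") for s in ("yes", "no")}


if __name__ == "__main__":
    for (client, server), algo in audit_matrix().items():
        print(f"ssh Compression={client:<3} sshd Compression={server:<3} -> {algo}")
    # A constructed legacy server list that only offers pre-auth zlib shows
    # the "client supports both" case from the reply.
    print("legacy server ->", negotiate(CLIENT_PREFERENCE["yes"], ["none", "zlib"]))
```

With both defaults in place (server "yes", client "no") the result is `none`, which is why the differing defaults do not enable compression on their own.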