From: djm Date: Mon, 19 May 2008 04:59:02 +0000 (+0000) Subject: - jmc@cvs.openbsd.org 2008/05/07 08:00:14 X-Git-Tag: V_5_1_P1~184 X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/9456963113811efc5a3334da13afd5a3cc976a3a - jmc@cvs.openbsd.org 2008/05/07 08:00:14 [sshd_config.5] sort; --- diff --git a/ChangeLog b/ChangeLog index d1b6fcd6..cf3907ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,9 @@ - pyr@cvs.openbsd.org 2008/05/07 06:43:35 [sshd_config] push the sshd_config bits in, spotted by ajacoutot@ + - jmc@cvs.openbsd.org 2008/05/07 08:00:14 + [sshd_config.5] + sort; 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- diff --git a/sshd_config.5 b/sshd_config.5 index 04247221..62d54090 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.88 2008/05/07 05:49:37 pyr Exp $ +.\" $OpenBSD: sshd_config.5,v 1.89 2008/05/07 08:00:14 jmc Exp $ .Dd $Mdocdate$ .Dt SSHD_CONFIG 5 .Os @@ -95,6 +95,15 @@ Valid arguments are (use IPv6 only). The default is .Dq any . +.It Cm AllowAgentForwarding +Specifies whether +.Xr ssh-agent 1 +forwarding is permitted. +The default is +.Dq yes . +Note that disabling agent forwarding does not improve security +unless users are also denied shell access, as they can always install +their own forwarders. .It Cm AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. @@ -114,15 +123,6 @@ See in .Xr ssh_config 5 for more information on patterns. -.It Cm AllowAgentForwarding -Specifies whether -.Xr ssh-agent 1 -forwarding is permitted. -The default is -.Dq yes . -Note that disabling Agent forwarding does not improve security -unless users are also denied shell access, as they can always install -their own forwarders. .It Cm AllowTcpForwarding Specifies whether TCP forwarding is permitted. The default is