mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-11 14:10:34 +00:00
Code Issues Releases Activity

OpenSSH doesn't forward keys by default.

Browse Source
This commit is contained in:
Dima Dorfman 2001-06-16 00:32:19 +00:00
parent d997ca82d0
commit 9baaab27a0
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=78319
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
share/man/man7/security.7
View File

@ -650,8 +650,9 @@ kerberos does not encrypt a session unless you use the
.Fl x
option. Ssh encrypts everything by default.
.Pp
Ssh works quite well in every respect except that it forwards encryption keys
by default. What this means is that if you have a secure workstation holding
Ssh works quite well in every respect except when it is set up to
forward encryption keys.
What this means is that if you have a secure workstation holding
keys that give you access to the rest of the system, and you ssh to an
unsecure machine, your keys becomes exposed. The actual keys themselves are
not exposed, but ssh installs a forwarding port for the duration of your