From 9baaab27a0e9e8993a254f4623a8ca732a85c77f Mon Sep 17 00:00:00 2001
From: Dima Dorfman
Date: Sat, 16 Jun 2001 00:32:19 +0000
Subject: [PATCH] OpenSSH doesn't forward keys by default.
---
share/man/man7/security.7 | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index d9f65364a7d1..b39260e85840 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -650,8 +650,9 @@ kerberos does not encrypt a session unless you use the
.Fl x
option. Ssh encrypts everything by default.
.Pp
-Ssh works quite well in every respect except that it forwards encryption keys
-by default. What this means is that if you have a secure workstation holding
+Ssh works quite well in every respect except when it is set up to
+forward encryption keys.
+What this means is that if you have a secure workstation holding
keys that give you access to the rest of the system, and you ssh to an
unsecure machine, your keys becomes exposed. The actual keys themselves are
not exposed, but ssh installs a forwarding port for the duration of your
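Review bot: The added lines "except when it is set up to / forward encryption keys" still describe the feature as forwarding keys, while the unchanged context just below says "The actual keys themselves are not exposed, but ssh installs a forwarding port". Consider wording the new sentence as forwarding the authentication agent connection rather than the keys. Since the paragraph now applies only to readers who have turned forwarding on, it would also help to name the setting that enables it (ForwardAgent in ssh_config, or ssh -A) so they can check their own configuration. The context line "your keys becomes exposed" has a subject-verb disagreement that could be fixed while this paragraph is being touched.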