diff options
author | delphij <delphij@FreeBSD.org> | 2017-01-11 05:56:40 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2017-01-11 05:56:40 +0000 |
commit | 01991d8d9a5ef8038fb70e3084e07d1eaeed4e0d (patch) | |
tree | 73e37f1e585cae50c2fe9162c37c3923a63fc633 /crypto/openssh/ssh-agent.1 | |
parent | 3b7c487a04a0e2640bc7c0236572c196f0af6939 (diff) | |
download | FreeBSD-src-01991d8d9a5ef8038fb70e3084e07d1eaeed4e0d.zip FreeBSD-src-01991d8d9a5ef8038fb70e3084e07d1eaeed4e0d.tar.gz |
MFC r311914: MFV r311913:
Fix multiple OpenSSH vulnerabilities.
Submitted by: des
Approved by: so
Diffstat (limited to 'crypto/openssh/ssh-agent.1')
-rw-r--r-- | crypto/openssh/ssh-agent.1 | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1 index b8cd0c5..3806b62 100644 --- a/crypto/openssh/ssh-agent.1 +++ b/crypto/openssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.62 2015/11/15 23:54:15 jmc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.63 2016/11/30 03:07:37 djm Exp $ .\" $FreeBSD$ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -48,6 +48,7 @@ .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash .Op Fl t Ar life +.Op Fl P Ar pkcs11_whitelist .Op Ar command Op Ar arg ... .Nm ssh-agent .Op Fl c | s @@ -122,6 +123,18 @@ The default is Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). +.It Fl P +Specify a pattern-list of acceptable paths for PKCS#11 shared libraries +that may be added using the +.Fl s +option to +.Xr ssh-add 1 . +The default is to allow loading PKCS#11 libraries from +.Dq /usr/lib/*,/usr/local/lib/* . +PKCS#11 libraries that do not match the whitelist will be refused. +See PATTERNS in +.Xr ssh_config 5 +for a description of pattern-list syntax. .It Fl s Generate Bourne shell commands on .Dv stdout . |