diff options
| author | dd <dd@FreeBSD.org> | 2001-06-16 00:32:19 +0000 |
|---|---|---|
| committer | dd <dd@FreeBSD.org> | 2001-06-16 00:32:19 +0000 |
| commit | 935cf1479505646d25f9bf5ed54038028ca3c719 (patch) | |
| tree | 7f3030dee389c0bd4b2c3f72b3c4dfdc1ab94a06 /share | |
| parent | 6a8d5663b70bcadde1ab437d6ce7d19f5ed493ec (diff) | |
| download | FreeBSD-src-935cf1479505646d25f9bf5ed54038028ca3c719.zip FreeBSD-src-935cf1479505646d25f9bf5ed54038028ca3c719.tar.gz | |
OpenSSH doesn't forward keys by default.
Diffstat (limited to 'share')
| -rw-r--r-- | share/man/man7/security.7 | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index d9f6536..b39260e 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -650,8 +650,9 @@ kerberos does not encrypt a session unless you use the .Fl x option. Ssh encrypts everything by default. .Pp -Ssh works quite well in every respect except that it forwards encryption keys -by default. What this means is that if you have a secure workstation holding +Ssh works quite well in every respect except when it is set up to +forward encryption keys. +What this means is that if you have a secure workstation holding keys that give you access to the rest of the system, and you ssh to an unsecure machine, your keys becomes exposed. The actual keys themselves are not exposed, but ssh installs a forwarding port for the duration of your |
