diff options
Diffstat (limited to 'crypto/openssh/ssh-agent.1')
-rw-r--r-- | crypto/openssh/ssh-agent.1 | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1 index b8cd0c5..0662595 100644 --- a/crypto/openssh/ssh-agent.1 +++ b/crypto/openssh/ssh-agent.1 @@ -48,6 +48,7 @@ .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash .Op Fl t Ar life +.Op Fl P Ar pkcs11_whitelist .Op Ar command Op Ar arg ... .Nm ssh-agent .Op Fl c | s @@ -122,6 +123,18 @@ The default is Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). +.It Fl P +Specify a pattern-list of acceptable paths for PKCS#11 shared libraries +that may be added using the +.Fl s +option to +.Xr ssh-add 1 . +The default is to allow loading PKCS#11 libraries from +.Dq /usr/lib/*,/usr/local/lib/* . +PKCS#11 libraries that do not match the whitelist will be refused. +See PATTERNS in +.Xr ssh_config 5 +for a description of pattern-list syntax. .It Fl s Generate Bourne shell commands on .Dv stdout . |