src/usr.bin/ssh/ssh-agent.1 - diff

Return to ssh-agent.1 CVS log

Up to [local] / src / usr.bin / ssh

version 1.73, 2022/03/31 17:27:27

version 1.74, 2022/10/07 04:06:26

Line 46

.Op Fl \&Dd

.Op Fl a Ar bind_address

.Op Fl E Ar fingerprint_hash

.Op Fl O Ar option

.Op Fl P Ar allowed_providers

.Op Fl t Ar life

.Nm ssh-agent

.Op Fl a Ar bind_address

.Op Fl E Ar fingerprint_hash

.Op Fl O Ar option

.Op Fl P Ar allowed_providers

.Op Fl t Ar life

.Ar command Op Ar arg ...

Line 102

Line 104

Kill the current agent (given by the

.Ev SSH_AGENT_PID

environment variable).

.It Fl O Ar option

Specify an option when starting

.Xr ssh-agent 1 .

Currently only one option is supported:

.Cm no-restrict-websafe .

This instructs

.Xr ssh-agent 1

to permit signatures using FIDO keys that might be web authentication

requests.

By default,

.Xr ssh-agent 1

refuses signature requests for FIDO keys where the key application string

does not start with

.Dq ssh:

and when the data to be signed does not appear to be a

.Xr ssh 1

user authentication request or a

.Xr ssh-keygen 1

signature.

The default behaviour prevents forwarded access to a FIDO key from also

implicitly forwarding the ability to authenticate to websites.

.It Fl P Ar allowed_providers

Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO

authenticator middleware shared libraries that may be used with the