version 1.73.6.1, 2023/07/19 14:08:59 |
version 1.74, 2022/10/07 04:06:26 |
|
|
environment variable). |
environment variable). |
.It Fl O Ar option |
.It Fl O Ar option |
Specify an option when starting |
Specify an option when starting |
.Nm . |
.Xr ssh-agent 1 . |
Currently two options are supported: |
Currently only one option is supported: |
.Cm allow-remote-pkcs11 |
|
and |
|
.Cm no-restrict-websafe . |
.Cm no-restrict-websafe . |
.Pp |
This instructs |
The |
.Xr ssh-agent 1 |
.Cm allow-remote-pkcs11 |
|
option allows clients of a forwarded |
|
.Nm |
|
to load PKCS#11 or FIDO provider libraries. |
|
By default only local clients may perform this operation. |
|
Note that signalling that a |
|
.Nm |
|
client remote is performed by |
|
.Xr ssh 1 , |
|
and use of other tools to forward access to the agent socket may circumvent |
|
this restriction. |
|
.Pp |
|
The |
|
.Cm no-restrict-websafe , |
|
instructs |
|
.Nm |
|
to permit signatures using FIDO keys that might be web authentication |
to permit signatures using FIDO keys that might be web authentication |
requests. |
requests. |
By default, |
By default, |
.Nm |
.Xr ssh-agent 1 |
refuses signature requests for FIDO keys where the key application string |
refuses signature requests for FIDO keys where the key application string |
does not start with |
does not start with |
.Dq ssh: |
.Dq ssh: |
|
|
.Pp |
.Pp |
In both cases, |
In both cases, |
.Xr ssh 1 |
.Xr ssh 1 |
looks at these environment variables |
looks at these environment variables and uses them to establish a connection to the agent. |
and uses them to establish a connection to the agent. |
|
.Pp |
.Pp |
The agent initially does not have any private keys. |
The agent initially does not have any private keys. |
Keys are added using |
Keys are added using |
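Review bot: In the allow-remote-pkcs11 paragraph, the sentence "Note that signalling that a .Nm client remote is performed by .Xr ssh 1 ," is missing a verb and should read "client is remote". This sentence carries the security caveat for the option: the restriction depends on ssh(1) marking the client as remote, and the text itself says that forwarding the agent socket with other tools may circumvent it. The wording therefore needs to be exact. In the next paragraph, ".Cm no-restrict-websafe ," leaves a stray comma before "instructs". Writing "The .Cm no-restrict-websafe option instructs .Nm" would match the phrasing used for allow-remote-pkcs11. Where the two versions differ only in .Nm versus .Xr ssh-agent 1, .Nm is the conventional mdoc form for a page referring to its own utility, so the self-referencing .Xr is the one to drop.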