version 1.2, 2002/08/17 23:55:01 |
version 1.3, 2002/08/27 17:18:40 |
|
|
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
.Pp |
|
Agent forwarding should be enabled with caution. Users with the |
|
ability to bypass file permissions on the remote host (for the agent's |
|
Unix-domain socket) can access the local agent through the forwarded |
|
connection. An attacker cannot obtain key material from the agent, |
|
however they can perform operations on the keys that enable them to |
|
authenticate using the identities loaded into the agent. |
.It Cm ForwardX11 |
.It Cm ForwardX11 |
Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
over the secure channel and |
over the secure channel and |
|
|
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
.Pp |
|
X11 forwarding should be enabled with caution. Users with the ability |
|
to bypass file permissions on the remote host (for the user's X |
|
authorization database) can access the local X11 display through the |
|
forwarded connection. An attacker may then be able to perform |
|
activities such as keystroke monitoring. |
.It Cm GatewayPorts |
.It Cm GatewayPorts |
Specifies whether remote hosts are allowed to connect to local |
Specifies whether remote hosts are allowed to connect to local |
forwarded ports. |
forwarded ports. |