| version 1.2, 2002/08/17 23:55:01 |
version 1.3, 2002/08/27 17:18:40 |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| |
.Pp |
| |
Agent forwarding should be enabled with caution. Users with the |
| |
ability to bypass file permissions on the remote host (for the agent's |
| |
Unix-domain socket) can access the local agent through the forwarded |
| |
connection. An attacker cannot obtain key material from the agent, |
| |
however they can perform operations on the keys that enable them to |
| |
authenticate using the identities loaded into the agent. |
| .It Cm ForwardX11 |
.It Cm ForwardX11 |
| Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
| over the secure channel and |
over the secure channel and |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| |
.Pp |
| |
X11 forwarding should be enabled with caution. Users with the ability |
| |
to bypass file permissions on the remote host (for the user's X |
| |
authorization database) can access the local X11 display through the |
| |
forwarded connection. An attacker may then be able to perform |
| |
activities such as keystroke monitoring. |
| .It Cm GatewayPorts |
.It Cm GatewayPorts |
| Specifies whether remote hosts are allowed to connect to local |
Specifies whether remote hosts are allowed to connect to local |
| forwarded ports. |
forwarded ports. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh