ssh_config: document ForwardAgent and ForwardX11...

...Previously they were no without explanation, but it never hurts to
explicitly have comments on not doing that, I didn't quickly find
anything nice for ForwardAgent, but I remember the Matrix.org people
somehow avoiding hearing it and ForwardX11 first result was that
StackExchange.
This commit is contained in:
Mikaela Suomalainen 2020-05-22 14:36:26 +03:00
parent d8d48508bd
commit 856085bd74
No known key found for this signature in database
GPG Key ID: 440D764E4F4A6C2D

View File

@ -15,7 +15,10 @@ Host *
# closed. # closed.
ControlPersist yes ControlPersist yes
# SSH Agent forwarding is behind a lot of security breaches, never do it
# Most recently https://github.com/matrix-org/matrix.org/issues/371
ForwardAgent no ForwardAgent no
# Never do that either https://security.stackexchange.com/a/14817/234532
ForwardX11 no ForwardX11 no
# Debian sets this as yes, upstream no. TODO: What is it? # Debian sets this as yes, upstream no. TODO: What is it?