mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-25 12:49:26 +01:00
ssh_config: document ForwardAgent and ForwardX11...
...Previously they were no without explanation, but it never hurts to explicitly have comments on not doing that, I didn't quickly find anything nice for ForwardAgent, but I remember the Matrix.org people somehow avoiding hearing it and ForwardX11 first result was that StackExchange.
This commit is contained in:
parent
d8d48508bd
commit
856085bd74
@ -15,7 +15,10 @@ Host *
|
|||||||
# closed.
|
# closed.
|
||||||
ControlPersist yes
|
ControlPersist yes
|
||||||
|
|
||||||
|
# SSH Agent forwarding is behind a lot of security breaches, never do it
|
||||||
|
# Most recently https://github.com/matrix-org/matrix.org/issues/371
|
||||||
ForwardAgent no
|
ForwardAgent no
|
||||||
|
# Never do that either https://security.stackexchange.com/a/14817/234532
|
||||||
ForwardX11 no
|
ForwardX11 no
|
||||||
|
|
||||||
# Debian sets this as yes, upstream no. TODO: What is it?
|
# Debian sets this as yes, upstream no. TODO: What is it?
|
||||||
|
Loading…
Reference in New Issue
Block a user