bugzilla-daemon at mindrot.org
2022-Mar-22 23:24 UTC
[Bug 3412] New: ssh_config(5): more clearly describe PubkeyAuthentication values
https://bugzilla.mindrot.org/show_bug.cgi?id=3412 Bug ID: 3412 Summary: ssh_config(5): more clearly describe PubkeyAuthentication values Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Reporter: calestyo at scientia.org Hey. Would it be possible to describe the values for PubkeyAuthentication more clearly? "yes" and "no" are probably clear, simply enabling/disabling *any* PubkeyAuthentication. But for "unbound" and "host-bound" it merely says: "The final two options enable public key authentication while respectively disabling or enabling the OpenSSH host-bound authentication protocol extension required for restricted ssh-agent(1) forwarding." Okay... so they both enable PubkeyAuthentication... but "unbound" disables the ssh-agent extension, while "host-bound" enables them? Shouldn't that mean that one of them ("unbound"?) is synonymous to "yes"? And which of them would be the more restricted options? Since that ssh-agent extension, AFAIU, can only restrict (further), then "host-bound" should be the safest choice? Thanks, Chris. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Mar-22 23:43 UTC
[Bug 3412] ssh_config(5): more clearly describe PubkeyAuthentication values
https://bugzilla.mindrot.org/show_bug.cgi?id=3412 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- There's no more restrictive option - the restriction is performed in ssh-agent. The other options are mostly for debugging and regression testing. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Oct-11 07:55 UTC
[Bug 3412] ssh_config(5): more clearly describe PubkeyAuthentication values
https://bugzilla.mindrot.org/show_bug.cgi?id=3412 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.