https://bugzilla.mindrot.org/show_bug.cgi?id=3412
Bug ID: 3412
Summary: ssh_config(5): more clearly describe
PubkeyAuthentication values
Product: Portable OpenSSH
Version: 8.9p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs@mindrot.org
Reporter: calestyo@scientia.org
Hey.
Would it be possible to describe the values for PubkeyAuthentication
more clearly?
"yes" and "no" are probably clear, simply enabling/disabling *any*
PubkeyAuthentication.
But for "unbound" and "host-bound" it merely says:
"The final two options enable public key authentication while
respectively disabling or enabling the OpenSSH host-bound
authentication protocol extension required for restricted ssh-agent(1)
forwarding."
Okay... so they both enable PubkeyAuthentication... but "unbound"
disables the ssh-agent extension, while "host-bound" enables them?
Shouldn't that mean that one of them ("unbound"?) is synonymous to
"yes"?
And which of them would be the more restricted options? Since that
ssh-agent extension, AFAIU, can only restrict (further), then
"host-bound" should be the safest choice?
Thanks,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Bug ID: 3412
Summary: ssh_config(5): more clearly describe
PubkeyAuthentication values
Product: Portable OpenSSH
Version: 8.9p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs@mindrot.org
Reporter: calestyo@scientia.org
Hey.
Would it be possible to describe the values for PubkeyAuthentication
more clearly?
"yes" and "no" are probably clear, simply enabling/disabling *any*
PubkeyAuthentication.
But for "unbound" and "host-bound" it merely says:
"The final two options enable public key authentication while
respectively disabling or enabling the OpenSSH host-bound
authentication protocol extension required for restricted ssh-agent(1)
forwarding."
Okay... so they both enable PubkeyAuthentication... but "unbound"
disables the ssh-agent extension, while "host-bound" enables them?
Shouldn't that mean that one of them ("unbound"?) is synonymous to
"yes"?
And which of them would be the more restricted options? Since that
ssh-agent extension, AFAIU, can only restrict (further), then
"host-bound" should be the safest choice?
Thanks,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs