diff options
| author | djm <djm> | 2008-05-19 04:57:41 +0000 |
|---|---|---|
| committer | djm <djm> | 2008-05-19 04:57:41 +0000 |
| commit | 7ea8c1448529a36b991feb24841cbe8e0915d0e6 (patch) | |
| tree | bd1c6ef1f6fd368178ff5a5a9cb0ba360ef60fb2 /session.c | |
| parent | 2598aa143e6e403579c89f65de2067b8adad7707 (diff) | |
| download | openssh-7ea8c1448529a36b991feb24841cbe8e0915d0e6.tar.gz | |
- pyr@cvs.openbsd.org 2008/05/07 05:49:37
[servconf.c servconf.h session.c sshd_config.5]
Enable the AllowAgentForwarding option in sshd_config (global and match
context), to specify if agents should be permitted on the server.
As the man page states:
``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''
ok djm@, ok and a mild frown markus@
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 7 |
1 files changed, 4 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.234 2008/04/18 22:01:33 djm Exp $ */ +/* $OpenBSD: session.c,v 1.235 2008/05/07 05:49:37 pyr Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -335,7 +335,8 @@ do_authenticated1(Authctxt *authctxt) break; case SSH_CMSG_AGENT_REQUEST_FORWARDING: - if (no_agent_forwarding_flag || compat13) { + if (!options.allow_agent_forwarding || + no_agent_forwarding_flag || compat13) { debug("Authentication agent forwarding not permitted for this authentication."); break; } @@ -2081,7 +2082,7 @@ session_auth_agent_req(Session *s) { static int called = 0; packet_check_eom(); - if (no_agent_forwarding_flag) { + if (no_agent_forwarding_flag || !options.allow_agent_forwarding) { debug("session_auth_agent_req: no_agent_forwarding_flag"); return 0; } |