[ssh-agent.1]
     clarify/state that private keys are not exposed to clients using the
     agent; ok markus@
This commit is contained in:
Ben Lindstrom 2001-12-06 16:37:51 +00:00
parent d84df989db
commit 11f790bbb1
2 changed files with 11 additions and 2 deletions

View File

@ -12,6 +12,10 @@
- markus@cvs.openbsd.org 2001/11/19 11:20:21
[sshd.c]
fd leak on HUP; ok stevesk@
- stevesk@cvs.openbsd.org 2001/11/19 18:40:46
[ssh-agent.1]
clarify/state that private keys are not exposed to clients using the
agent; ok markus@
20011126
- (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
@ -6934,4 +6938,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
$Id: ChangeLog,v 1.1670 2001/12/06 16:35:40 mouring Exp $
$Id: ChangeLog,v 1.1671 2001/12/06 16:37:51 mouring Exp $

View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $
.\" $OpenBSD: ssh-agent.1,v 1.29 2001/11/19 18:40:46 stevesk Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -127,6 +127,11 @@ Later
.Xr ssh 1
looks at these variables and uses them to establish a connection to the agent.
.Pp
The agent will never send a private key over its request channel.
Instead, operations that require a private key will be performed
by the agent, and the result will be returned to the requester.
This way, private keys are not exposed to clients using the agent.
.Pp
A unix-domain socket is created
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
and the name of this socket is stored in the