Commit ae69e1d0 authored by Darren Tucker's avatar Darren Tucker

- sobrado@cvs.openbsd.org 2009/10/22 12:35:53

     [ssh.1 ssh-agent.1 ssh-add.1]
     use the UNIX-related macros (.At and .Ux) where appropriate.
     ok jmc@
parent 49b7e235
......@@ -6,6 +6,10 @@
- sobrado@cvs.openbsd.org 2009/10/17 12:10:39
[sftp-server.c]
sort flags.
- sobrado@cvs.openbsd.org 2009/10/22 12:35:53
[ssh.1 ssh-agent.1 ssh-add.1]
use the UNIX-related macros (.At and .Ux) where appropriate.
ok jmc@
20091011
- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
......
.\" $OpenBSD: ssh-add.1,v 1.46 2007/06/12 13:41:03 jmc Exp $
.\" $OpenBSD: ssh-add.1,v 1.47 2009/10/22 12:35:53 sobrado Exp $
.\"
.\" -*- nroff -*-
.\"
......@@ -37,7 +37,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 12 2007 $
.Dd $Mdocdate: October 22 2009 $
.Dt SSH-ADD 1
.Os
.Sh NAME
......@@ -148,8 +148,9 @@ may be necessary to redirect the input from
.Pa /dev/null
to make this work.)
.It Ev SSH_AUTH_SOCK
Identifies the path of a unix-domain socket used to communicate with the
agent.
Identifies the path of a
.Ux
domain socket used to communicate with the agent.
.El
.Sh FILES
.Bl -tag -width Ds
......
.\" $OpenBSD: ssh-agent.1,v 1.47 2009/03/26 08:38:39 sobrado Exp $
.\" $OpenBSD: ssh-agent.1,v 1.48 2009/10/22 12:35:53 sobrado Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 26 2009 $
.Dd $Mdocdate: October 22 2009 $
.Dt SSH-AGENT 1
.Os
.Sh NAME
......@@ -67,7 +67,9 @@ machines using
The options are as follows:
.Bl -tag -width Ds
.It Fl a Ar bind_address
Bind the agent to the unix-domain socket
Bind the agent to the
.Ux
domain socket
.Ar bind_address .
The default is
.Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt .
......@@ -162,8 +164,9 @@ Instead, operations that require a private key will be performed
by the agent, and the result will be returned to the requester.
This way, private keys are not exposed to clients using the agent.
.Pp
A unix-domain socket is created
and the name of this socket is stored in the
A
.Ux
domain socket is created and the name of this socket is stored in the
.Ev SSH_AUTH_SOCK
environment
variable.
......@@ -186,7 +189,8 @@ Contains the protocol version 2 DSA authentication identity of the user.
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt
Unix-domain sockets used to contain the connection to the
.Ux
domain sockets used to contain the connection to the
authentication agent.
These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
......
......@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.284 2009/10/08 20:42:12 jmc Exp $
.Dd $Mdocdate: October 8 2009 $
.\" $OpenBSD: ssh.1,v 1.285 2009/10/22 12:35:53 sobrado Exp $
.Dd $Mdocdate: October 22 2009 $
.Dt SSH 1
.Os
.Sh NAME
......@@ -132,8 +132,9 @@ This can also be specified on a per-host basis in a configuration file.
.Pp
Agent forwarding should be enabled with caution.
Users with the ability to bypass file permissions on the remote host
(for the agent's Unix-domain socket)
can access the local agent through the forwarded connection.
(for the agent's
.Ux
domain socket) can access the local agent through the forwarded connection.
An attacker cannot obtain key material from the agent,
however they can perform operations on the keys that enable them to
authenticate using the identities loaded into the agent.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment