| Summary: | ssh_config(5): more clearly describe PubkeyAuthentication values | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Christoph Anton Mitterer <calestyo> |
| Component: | Documentation | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | NEW --- | ||
| Severity: | enhancement | CC: | djm |
| Priority: | P5 | ||
| Version: | 8.9p1 | ||
| Hardware: | Other | ||
| OS: | All | ||
There's no more restrictive option - the restriction is performed in ssh-agent. The other options are mostly for debugging and regression testing. |
Hey. Would it be possible to describe the values for PubkeyAuthentication more clearly? "yes" and "no" are probably clear, simply enabling/disabling *any* PubkeyAuthentication. But for "unbound" and "host-bound" it merely says: "The final two options enable public key authentication while respectively disabling or enabling the OpenSSH host-bound authentication protocol extension required for restricted ssh-agent(1) forwarding." Okay... so they both enable PubkeyAuthentication... but "unbound" disables the ssh-agent extension, while "host-bound" enables them? Shouldn't that mean that one of them ("unbound"?) is synonymous to "yes"? And which of them would be the more restricted options? Since that ssh-agent extension, AFAIU, can only restrict (further), then "host-bound" should be the safest choice? Thanks, Chris.