Browse Source

ssh_config: document ForwardAgent and ForwardX11...

...Previously they were no without explanation, but it never hurts to
explicitly have comments on not doing that, I didn't quickly find
anything nice for ForwardAgent, but I remember the Matrix.org people
somehow avoiding hearing it and ForwardX11 first result was that
StackExchange.
master
parent
commit
856085bd74
Signed by: mikaela <mikaela@unicus.com> GPG Key ID: 440D764E4F4A6C2D
1 changed files with 3 additions and 0 deletions
  1. +3
    -0
      etc/ssh/ssh_config

+ 3
- 0
etc/ssh/ssh_config View File

@@ -15,7 +15,10 @@ Host *
# closed.
ControlPersist yes

# SSH Agent forwarding is behind a lot of security breaches, never do it
# Most recently https://github.com/matrix-org/matrix.org/issues/371
ForwardAgent no
# Never do that either https://security.stackexchange.com/a/14817/234532
ForwardX11 no

# Debian sets this as yes, upstream no. TODO: What is it?


Loading…
Cancel
Save