Difference between revisions of "ForwardAgent"
Jump to navigation
Jump to search
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | ForwardAgent | ||
+ | Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. The | ||
+ | argument must be ''yes'' or ''no''. The default is ''no''. | ||
+ | |||
+ | Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote | ||
+ | host (for the agent's Unix-domain socket) can access the local agent through the forwarded connection. An attacker | ||
+ | cannot obtain key material from the agent, however they can perform operations on the keys that enable them to | ||
+ | authenticate using the identities loaded into the agent. | ||
+ | [[~/.ssh/config]] | ||
+ | [[-J]] | ||
+ | [[ProxyJump]] | ||
+ | == See also == | ||
+ | * {{ssh}} | ||
− | + | [[Category:ssh]] |
Latest revision as of 12:43, 20 February 2023
ForwardAgent
Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. The argument must be yes or no. The default is no. Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.
~/.ssh/config -J ProxyJump
See also[edit]
- SSH:
ssh
, TLS,.ppk, .pem, .crt, .pub
, ED25519, Key exchange method (KEX), public key, private key,ssh -Q kex
,IAMUserSSHKeys
,known_hosts
, ssh tunnel, Dropbear
Advertising: