https://bugzilla.mindrot.org/show_bug.cgi?id=3412
Bug ID: 3412 Summary: ssh_config(5): more clearly describe PubkeyAuthentication values Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee: unassigned-b...@mindrot.org Reporter: cales...@scientia.org Hey. Would it be possible to describe the values for PubkeyAuthentication more clearly? "yes" and "no" are probably clear, simply enabling/disabling *any* PubkeyAuthentication. But for "unbound" and "host-bound" it merely says: "The final two options enable public key authentication while respectively disabling or enabling the OpenSSH host-bound authentication protocol extension required for restricted ssh-agent(1) forwarding." Okay... so they both enable PubkeyAuthentication... but "unbound" disables the ssh-agent extension, while "host-bound" enables them? Shouldn't that mean that one of them ("unbound"?) is synonymous to "yes"? And which of them would be the more restricted options? Since that ssh-agent extension, AFAIU, can only restrict (further), then "host-bound" should be the safest choice? Thanks, Chris. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs