CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2023/07/19 07:56:33
Modified files: usr.bin/ssh : ssh-agent.1 ssh-agent.c Log message: Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-b...@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. ok markus@