CVSROOT:        /cvs
Module name:    src
Changes by:     d...@cvs.openbsd.org    2023/07/19 07:56:33

Modified files:
        usr.bin/ssh    : ssh-agent.1 ssh-agent.c 

Log message:
Disallow remote addition of FIDO/PKCS11 provider libraries to
ssh-agent by default.

The old behaviour of allowing remote clients to load providers
can be restored using `ssh-agent -O allow-remote-pkcs11`.

Detection of local/remote clients requires a ssh(1) that supports
the `session-b...@openssh.com` extension. Forwarding access to a
ssh-agent socket using non-OpenSSH tools may circumvent this control.

ok markus@
