- stevesk@cvs.openbsd.org 2001/11/19 18:40:46 [ssh-agent.1] clarify/state that private keys are not exposed to clients using the agent; ok markus@

commit: 11f790bbb1fb286006aa04e78fb9965110a4af90 [log] [tgz]
author: Ben Lindstrom <mouring@eviladmin.org> Thu Dec 06 16:37:51 2001 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> Thu Dec 06 16:37:51 2001 +0000
tree: bad82880286e56fd5411225e435ff2a496952633
parent: d84df989db48f76be16c34f7795e6788ee7841bc [diff] [blame]
diff --git a/ssh-agent.1 b/ssh-agent.1
index 00c1992..2b9f3d9 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.29 2001/11/19 18:40:46 stevesk Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -127,6 +127,11 @@
 .Xr ssh 1
 looks at these variables and uses them to establish a connection to the agent.
 .Pp
+The agent will never send a private key over its request channel.
+Instead, operations that require a private key will be performed
+by the agent, and the result will be returned to the requester.
+This way, private keys are not exposed to clients using the agent.
+.Pp
 A unix-domain socket is created
 .Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
 and the name of this socket is stored in the
commit	11f790bbb1fb286006aa04e78fb9965110a4af90	[log] [tgz]
author	Ben Lindstrom <mouring@eviladmin.org>	Thu Dec 06 16:37:51 2001 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	Thu Dec 06 16:37:51 2001 +0000
tree	bad82880286e56fd5411225e435ff2a496952633
parent	d84df989db48f76be16c34f7795e6788ee7841bc [diff] [blame]