commit 4f755cdc05f5c6dee7cb1894f8d3bcaee33443d0
author Damien Miller <djm@mindrot.org> Mon May 19 14:57:41 2008 +1000
committer Damien Miller <djm@mindrot.org> Mon May 19 14:57:41 2008 +1000
tree 73c05a3429a9d63d32b373fd3bd92900d43883da
parent bacb7fbd7e7716a4d3148769d43d8896cbfb2c54

   - pyr@cvs.openbsd.org 2008/05/07 05:49:37
     [servconf.c servconf.h session.c sshd_config.5]
     Enable the AllowAgentForwarding option in sshd_config (global and match
     context), to specify if agents should be permitted on the server.
     As the man page states:
     ``Note that disabling Agent forwarding does not improve security
     unless users are also denied shell access, as they can always install
     their own forwarders.''
     ok djm@, ok and a mild frown markus@

servconf.h

diff --git a/servconf.h b/servconf.h
index 5b88067..aaf87cd 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.82 2008/02/13 22:38:17 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.83 2008/05/07 05:49:37 pyr Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -101,6 +101,7 @@
 	int     use_login;	/* If true, login(1) is used */
 	int     compression;	/* If true, compression is allowed */
 	int	allow_tcp_forwarding;
+	int	allow_agent_forwarding;
 	u_int num_allow_users;
 	char   *allow_users[MAX_ALLOW_USERS];
 	u_int num_deny_users;