From khera@kciLink.com  Fri Jun 15 12:05:34 2001
Return-Path: <khera@kciLink.com>
Received: from yertle.kciLink.com (yertle.kcilink.com [216.194.193.105])
	by hub.freebsd.org (Postfix) with ESMTP id C68D637B409
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 15 Jun 2001 12:05:33 -0700 (PDT)
	(envelope-from khera@kciLink.com)
Received: from onceler.kciLink.com (onceler.kciLink.com [216.194.193.106])
	by yertle.kciLink.com (Postfix) with ESMTP id 28ADE2E45F
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 15 Jun 2001 15:05:33 -0400 (EDT)
Received: (from khera@localhost)
	by onceler.kciLink.com (8.11.4/8.11.3) id f5FJ5X372686;
	Fri, 15 Jun 2001 15:05:33 -0400 (EDT)
	(envelope-from khera)
Message-Id: <200106151905.f5FJ5X372686@onceler.kciLink.com>
Date: Fri, 15 Jun 2001 15:05:33 -0400 (EDT)
From: <khera@kciLink.com>
Reply-To: khera@kciLink.com
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: error in security man page
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         28182
>Category:       docs
>Synopsis:       ssh doesn't auto-forward keys
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dd
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 15 12:10:03 PDT 2001
>Closed-Date:    Wed Jul 18 23:07:31 PDT 2001
>Last-Modified:  Wed Jul 18 23:07:39 PDT 2001
>Originator:     Vivek Khera
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD onceler.kciLink.com 4.3-STABLE FreeBSD 4.3-STABLE #6: Mon Jun 11 12:39:31 EDT 2001 khera@yertle.kciLink.com:/u/yertle2/usr.obj/amd/onceler/u/onceler1/usr/src/sys/ONCELER i386


	
>Description:
	

The security man page says:

     Ssh works quite well in every respect except that it forwards encryption
     keys by default.  What this means is that if you have a secure worksta-
     tion holding keys that give you access to the rest of the system, and you
     ssh to an unsecure machine, your keys becomes exposed.  The actual keys
     themselves are not exposed, but ssh installs a forwarding port for the

This is no longer true; ssh on 4.3 systems doesn't do agent/key
forwarding by default any more.

>How-To-Repeat:
	
>Fix:

	
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: dd 
State-Changed-When: Fri Jun 15 17:32:28 PDT 2001 
State-Changed-Why:  
Fixed in -current, thanks! 


Responsible-Changed-From-To: freebsd-doc->dd 
Responsible-Changed-By: dd 
Responsible-Changed-When: Fri Jun 15 17:32:28 PDT 2001 
Responsible-Changed-Why:  
My MFC reminder. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=28182 
State-Changed-From-To: analyzed->closed 
State-Changed-By: dd 
State-Changed-When: Wed Jul 18 23:07:31 PDT 2001 
State-Changed-Why:  
MFC'd, thanks. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=28182 
>Unformatted:
