diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2024-11-06 22:51:27 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2024-11-06 22:51:27 +0000 |
commit | ef15bf9fd8e2d8a6fb1fb39451923c217426b923 (patch) | |
tree | 057ccd17ce30e76050a66040c7f35c6c1f4d1e59 /usr.bin/w | |
parent | 6e31d2aa91e36a4a963beba21dfb1265c01a3df7 (diff) |
ssh-agent implemented an all-or-nothing allow-list of FIDO application
IDs for security key-backed keys, to prevent web key handles from
being used remotely as this would likely lead to unpleasant surprises.
By default, only application IDs that start with "ssh:*" are allowed.
This adds a -Owebsafe-allow=... argument that can override the default
list with a more or less restrictive one. The default remains unchanged.
ok markus@
Diffstat (limited to 'usr.bin/w')
0 files changed, 0 insertions, 0 deletions