From: Jacob Nevins Date: Fri, 25 Mar 2016 00:18:18 +0000 (+0000) Subject: Emphasise that agent forwarding exposes all keys. X-Git-Tag: 0.68~228 X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;ds=inline;h=e74f19cb6f19c8613d521d809e0879f7df35ad8c;p=PuTTY.git Emphasise that agent forwarding exposes all keys. (A bit.) --- diff --git a/doc/pageant.but b/doc/pageant.but index b1650318..f25119dd 100644 --- a/doc/pageant.but +++ b/doc/pageant.but @@ -260,10 +260,10 @@ as long as they want. However, the sysadmin of the server machine can always pretend to be you \e{on that machine}. So if you forward your agent to a server machine, then the sysadmin of that machine can access the forwarded -agent connection and request signatures from your private keys, and -can therefore log in to other machines as you. They can only do this -to a limited extent - when the agent forwarding disappears they lose -the ability - but using Pageant doesn't actually \e{prevent} the +agent connection and request signatures from any of your private keys, +and can therefore log in to other machines as you. They can only do +this to a limited extent - when the agent forwarding disappears they +lose the ability - but using Pageant doesn't actually \e{prevent} the sysadmin (or hackers) on the server from doing this. Therefore, if you don't trust the sysadmin of a server machine, you