CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2024/11/06 15:51:26
Modified files:
usr.bin/ssh : ssh-agent.1 ssh-agent.c
Log message:
ssh-agent implemented an all-or-nothing allow-list of FIDO application
IDs for security key-backed keys, to prevent web key handles from
being used remotely as this would likely lead to unpleasant surprises.
By default, only application IDs that start with "ssh:*" are allowed.
This adds a -Owebsafe-allow=... argument that can override the default
list with a more or less restrictive one. The default remains unchanged.
ok markus@
