suggested SSH client configuration

This commit is contained in:
2023-02-24 10:48:29 +01:00
parent 6050135c29
commit 5418a4ad6b
+1 -1
View File
@@ -74,7 +74,7 @@ Host *.psi.ch
```
Here we by default do not trust the machines we connect to, e.g. we do not delegate the Kerberos TGT, do not forward the SSH agent and do not do X forwarding, stuff which could be abused when the destination machine is compromised or run by an hostile admin.
The "trusted" connection are selected on a case by case basis when needed (e.g. for AFS) by using their FQDN instead of just the short name.
Features requiring trust are selected on a case by case basis when needed (e.g. for AFS) by using their FQDN instead of just the short name.
Alternatively you might use
- `ssh -K` for `GSSAPIDelegateCredentials yes` (Kerberos TGT delegation)