diff --git a/user-guide/ssh_client_config.md b/user-guide/ssh_client_config.md index e1fa8844..4e91c14a 100644 --- a/user-guide/ssh_client_config.md +++ b/user-guide/ssh_client_config.md @@ -74,7 +74,7 @@ Host *.psi.ch ``` Here we by default do not trust the machines we connect to, e.g. we do not delegate the Kerberos TGT, do not forward the SSH agent and do not do X forwarding, stuff which could be abused when the destination machine is compromised or run by an hostile admin. -The "trusted" connection are selected on a case by case basis when needed (e.g. for AFS) by using their FQDN instead of just the short name. +Features requiring trust are selected on a case by case basis when needed (e.g. for AFS) by using their FQDN instead of just the short name. Alternatively you might use - `ssh -K` for `GSSAPIDelegateCredentials yes` (Kerberos TGT delegation)