From 5418a4ad6b2301407be494d4903c643b4949d44e Mon Sep 17 00:00:00 2001 From: Konrad Bucheli Date: Fri, 24 Feb 2023 10:48:29 +0100 Subject: [PATCH] suggested SSH client configuration --- user-guide/ssh_client_config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user-guide/ssh_client_config.md b/user-guide/ssh_client_config.md index e1fa8844..4e91c14a 100644 --- a/user-guide/ssh_client_config.md +++ b/user-guide/ssh_client_config.md @@ -74,7 +74,7 @@ Host *.psi.ch ``` Here we by default do not trust the machines we connect to, e.g. we do not delegate the Kerberos TGT, do not forward the SSH agent and do not do X forwarding, stuff which could be abused when the destination machine is compromised or run by an hostile admin. -The "trusted" connection are selected on a case by case basis when needed (e.g. for AFS) by using their FQDN instead of just the short name. +Features requiring trust are selected on a case by case basis when needed (e.g. for AFS) by using their FQDN instead of just the short name. Alternatively you might use - `ssh -K` for `GSSAPIDelegateCredentials yes` (Kerberos TGT delegation)