OpenSSH doesn't forward keys by default.

2001-06-16 00:32:19 +00:00 · 2001-06-16 00:32:19 +00:00 · 935cf14795
commit 935cf14795
parent 6a8d5663b7
1 changed files with 3 additions and 2 deletions
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@ -650,8 +650,9 @@ kerberos does not encrypt a session unless you use the
 .Fl x
 option.  Ssh encrypts everything by default.
 .Pp
-Ssh works quite well in every respect except that it forwards encryption keys
-by default.  What this means is that if you have a secure workstation holding 
+Ssh works quite well in every respect except when it is set up to
+forward encryption keys.
+What this means is that if you have a secure workstation holding 
 keys that give you access to the rest of the system, and you ssh to an
 unsecure machine, your keys becomes exposed.  The actual keys themselves are
 not exposed, but ssh installs a forwarding port for the duration of your