From c78f59fd9d268b42c07f8e0b14eaca17dce87b7c Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Sun, 17 Mar 2019 15:17:52 +0000 Subject: [PATCH] Document ACL restriction options for Pageant. These are just cross-references to the existing descriptions in the "Using PuTTY" section. --- doc/pageant.but | 11 +++++++++++ doc/using.but | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/doc/pageant.but b/doc/pageant.but index f25119dd..186d62eb 100644 --- a/doc/pageant.but +++ b/doc/pageant.but @@ -159,6 +159,17 @@ by the command, like this: \c C:\PuTTY\pageant.exe d:\main.ppk -c C:\PuTTY\putty.exe +\S{pageant-cmdline-restrict-acl} Restricting the \i{Windows process ACL} + +Pageant supports the same \i\c{-restrict-acl} option as the other +PuTTY utilities to lock down the Pageant process's access control; +see \k{using-cmdline-restrict-acl} for why you might want to do this. + +By default, if Pageant is started with \c{-restrict-acl}, it won't +pass this to any PuTTY sessions started from its System Tray submenu. +Use \c{-restrict-putty-acl} to change this. (Again, see +\k{using-cmdline-restrict-acl} for details.) + \H{pageant-forward} Using \i{agent forwarding} Agent forwarding is a mechanism that allows applications on your SSH diff --git a/doc/using.but b/doc/using.but index 515e3a4d..b920a414 100644 --- a/doc/using.but +++ b/doc/using.but @@ -1071,4 +1071,4 @@ Pageant stores the more critical information (hence benefits more from the extra protection), so it's reasonable to want to run Pageant but not PuTTY with the ACL restrictions. You can force Pageant to start subsidiary PuTTY processes with a restricted ACL if you also pass the -\c{-restrict-putty-acl} option. +\i\c{-restrict-putty-acl} option.