From ac9c85e78302a5a8b22b6445e326a92a32b7ed5c Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Thu, 11 Aug 2022 06:02:13 +0530
Subject: [PATCH] Add a note about password auth over SSH

---
 docs/remote-control.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/remote-control.rst b/docs/remote-control.rst
index a734a02a7..03c0fb194 100644
--- a/docs/remote-control.rst
+++ b/docs/remote-control.rst
@@ -203,6 +203,18 @@ disallow the remote control request. The user can choose to allow or disallow
 either just that request or all requests using that password. The user's
 decision is remembered for the duration of that kitty instance.
 
+.. note::
+   For password based authentication to work over SSH, you must pass the
+   :envvar:`KITTY_PUBLIC_KEY` environment variable to the remote host. The
+   :doc:`ssh kitten <kittens/ssh>` does this for you automatically. When
+   using a password, public key cryptography is used to ensure the password
+   is kept secure. This does mean that using password based authentication
+   is slower as the entire command is encrypted before transmission. This
+   can be noticeable when using a command like ``kitty @ set-background-image``
+   which transmits large amounts of image data. Also, the clock on the remote
+   system must match (within a few minutes) the clock on the local system.
+   kitty uses a time based nonce to minimise the potential for replay attacks.
+
 .. _rc_custom_auth:
 
 Customizing authorization with your own program